Late Tuesday evening, scores of Solana users suddenly found their crypto wallets completely drained of their digital contents. Unidentified hackers had broken into thousands of hot wallets (software-based crypto wallets that require an active connection to the internet) and arranged for the transfer of all funds in these wallets to an unknown third party.
Solana initially confirmed the hack in a Tuesday night tweet, saying: “Engineers from multiple ecosystems, with the help of several security firms, are investigating drained wallets on Solana. There is no evidence hardware wallets are impacted.” Then Solana made a follow-up tweet early Wednesday morning, confirming that “7,767 wallets [had] been affected.”
And the number of affected wallets continued to climb into Wednesday.
The total amount stolen? Reportedly, more than $5 million in SOL, SPL, and other tokens that live on the Solana blockchain.
Solana hack rekindles debate on hot wallet security
So how were so many crypto wallets compromised? Blockchain auditors OtterSec believe that the hackers were able to execute the theft on this scale due to a “private key compromise.” Upon reviewing the transaction history of affected users, they found that each wallet-draining “transaction” was signed by the users themselves. Although early reports suggested that the hackers exploited a vulnerability in Phantom, later in the evening reports flooded in that Slope and TrustWallet users had also fallen victim to the hack.
According to a tweet from the Solana Status Twitter account, engineers studying the hack may have uncovered the root cause of the incident, which has “resulted in approximately 8,000 wallets being drained.” Because the hack is so widespread, it’s believed that the hackers were able to get into a range of hot wallets by exploiting software shared among these wallets, not code in the Solana system itself. And, worse yet: the hack is ongoing, which means even more wallets are being drained.
This news is particularly alarming to users who’ve long relied, for convenience, on software-based hot wallets that live on their devices as applications or browser extensions. While being able to buy and sell NFTs with just a few taps or clicks does wonders in making the exploration of all things Web3 more accessible and convenient, this particular hack has sparked renewed debates on the long-term viability of web-reliant crypto wallets.
Several figures in the Web3 space are urging users to practice even more caution than usual. Heidi Chakos, known as blockchainchick in Web3, is one of many Web3 community leaders calling for users to transfer their funds to hardware wallets or cold storage before it’s too late. In a follow-up tweet, Chakos also urged users to stay vigilant and avoid interacting with anyone claiming they have solutions to this latest hack.
In the meantime, blockchain engineers have been continuing their investigation. A Solana Status tweet has confirmed that hardware wallets remain safe from the hack, and that users affected by the hack must abandon their compromised wallets immediately.
Editor’s note: This article was updated to explicitly lay out the timeline of initial drains on Solana wallets, confirmation from the blockchain platform, and the running amount of dollars stolen.