Solana is currently facing a major hack that has so far targeted over 8000 wallets thus far. It is estimated that nearly $8 million in SOL and USDC coins may have been drained from the affected wallet.
An exploit allowed a malicious actor to drain funds from a number of wallets on Solana. As of 5am UTC approximately 7,767 wallets have been affected.
The exploit has affected several wallets, including Slope and Phantom. This appears to have affected both mobile and extension.
— Solana Status (@SolanaStatus) August 3, 2022
Solana is already responding to the vulnerability. But at the time of writing, the hack was still ongoing and it is likely more wallets may be affected. The incident could also affect major P2E and GameFi projects on Solana.
Solana Hack: What We Know So Far
Reports of the attack started to emerge in the early hours of August 3. A few hours later, Solana came out with a statement confirming the hack. The statement noted that hackers appear to have exploited a vulnerability in connected software wallets to target and drain assets worth millions of dollars.
This does not appear to be a bug with Solana core code, but in software used by several software wallets popular among users of the network.
Updates will be posted to https://t.co/ivyoIbdCDP as they become available. 2/2
— Solana Status (@SolanaStatus) August 3, 2022
Solana also notes that as of 5 A.M UTC, 7,767 wallets had been drained. Initially, it was believed that the hack largely targeted Slope and Phantom wallets. But it is emerging that more wallets may be affected.
Also, there were some reports that the hackers were targeting wallets that have been inactive for over 6 months. This theory has also been dispelled. The exact value of assets drained is still unknown. But some estimates suggest that over $8 million may have been lost so far.
There’s no evidence hardware wallets have been impacted – and users are strongly encouraged to use hardware wallets.
Do not reuse your seed phrase on a hardware wallet – create a new seed phrase.
Wallets drained should be treated as compromised, and abandoned.
— Solana Status (@SolanaStatus) August 3, 2022
There is however no evidence at the moment that hardware wallets have been affected. Solana is in fact encouraging users to move assets to hardware wallets right away. We have also seen reports that transferring assets to a reliable Central Exchange could work.
Solana has also said that preliminary investigations have ruled out any possible exploits on its core code. The hack seems like a supply chain attack that has so far targeted iOS and Android applications.
In essence, the Solana hack may have exploited weaknesses in apps or browser extensions connected to the ecosystem.
The Solana hack also comes barely 24 hours after hackers exploited the Nomad Crypto bridge and stole $200 million in assets. These security breaches are also becoming very common. This Report By Elliptic, a leading cyber security firm, found that in 2022, over $1 Billion in assets was stolen through crypto hacks.
What to Do for Now?
The first thing to do is to check if your wallet has been affected. You can visit this link to do it. Solana is still trying to get to the bottom of this exploit. The ecosystem is urging all affected persons to fill in a simple survey that would help the engineers find the vulnerability. You can find the survey form here.
Also, for those who have access to hardware wallets, you are advised to move your assets there immediately. As for folks who got into Solana via software wallets, you must have received a 12-word recovery phrase. This phrase was however generated by the software wallet itself and as such, if the wallets are compromised, likely, the recovery phrase is as well.
So, if you move assets to a hardware wallet, do not import that recovery phrase. Instead, you are advised to generate a new phrase.
Additionally, if anybody reaches out to you with an offer of help regarding this hack, just ignore them. Until the root cause of the Solana hack gets a solution, the safest option is to transfer assets to offline wallets.
Solana Hack: How Its Affecting P2E and GameFi
Solana has grown in recent years to become one of the most preferred ecosystems for play-to-earn and GameFi projects. The platform offers incredibly high speeds and low transaction fees. This has allowed it to rival Ethereum, one of the first pioneers of P2E infrastructure.
Solana has also seen an explosion in NFTs in its ecosystem. This analysis by Messari in fact shows that NFTs minted on Solana have increased massively in 2022. With these facts, it is understandable that the ongoing Solana hack may as well affect a lot of projects in P2E and GameFi.
The Extent of the Damage to P2E
It’s very difficult for now to know exactly how P2E projects on Solana have been affected by this breach. We are likely going to learn more over the coming days. It is however important to note that two of the most affected wallets (Slope and Phantom) are compatible with major P2E projects on Solana.
For security reason, we have to move our Treasury fund to cold wallet, we will announce a new holding address once the hacking issue resolved. Following is the transaction detail: https://t.co/dCm04WMoAM
— STEPN | Public Beta Phase IV (@Stepnofficial) August 3, 2022
We have even seen some Tweets that the STEPN Wallet, one of the biggest GameFi projects on Solana, may have been compromised. STEPN is however not taking chances. While acknowledging the potential threat posed by the Solana hack, the app has decided to move its Treasury fund to a cold wallet.
The popular move-to-earn app says that the move is temporary. Once the exploit on the Solana ecosystem abates, STEPN will announce a new holding address. STEPN has also issued a few guidelines for its users during this moment.
The move-to-earn app believes that users who had either imported non-custodial wallets to the STEPN ecosystem are the most vulnerable. These users should check their wallets and see if anything is missing.
STEPN is also advising its community to transfer assets from these non-custodial wallets to a different secure location. You may also want to generate a new non-custodial wallet within the STEPN app moving forward.
Other Solana-based games, including the popular metaverse exploration game Star Alas, have issued alerts on the hack and what users can do to secure their assets.
Hacks in P2E and Web3
The play-to-earn and web 3 spaces are not new to hacks. While the Solana hack is obviously disturbing, there have been many huge attacks before.
For example, The Ronin Network, an EVM blockchain for popular P2E game Axie Infinity, lost over half a billion dollars in a similar attack. The Ronin attack was one of the biggest in crypto history. The network has so far restarted but the effects were devastating.
The Ronin attack also shows the growing need to enhance security in Web3. This is especially important now that billions of dollars worth of assets are here. Nonetheless, we are going to bring you more details on the Solana hack as soon as we get them.
