• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • About us
  • Write for us
  • Terms and Conditions
  • Privacy Policy
  • Disclaimer
  • Contact
  • All Posts
  • Advertise

TronWeekly

Crypto World News

  • Home
  • Education
    • Best TRON Wallets
    • Beginner’s guide to TRON
  • Opinion
    • Tron Tokens
    • Market Analysis
  • Industry
    • Tron Exchange
    • Project Review
  • Press Release
  • Advertise
  • About us
    • The Team
    • Editorial Policy
    • Write for us
    • Privacy Policy
    • Disclaimer
    • Terms and Conditions
    • Contact
You are here: Home / News / Cyber Security / Solana Hot Wallets Under Siege From An Ongoing Massive Exploit
Solana Hot Wallets Under Siege From An Ongoing Massive Exploit

Solana Hot Wallets Under Siege From An Ongoing Massive Exploit

August 3, 2022 by Lipika Deka

Solana-based wallets have come under a widespread exploit after several users complained that their funds were being drained without their consent. While the exact number of affected wallets is unknown at the time of this post, independent investigators put the amount to be over 7000.

As per reports, the attack mainly targeted internet-connected “hot” wallets including Phantom, Slope, and Trust Wallet. Initial sources put the stolen funds to at least $5 million worth of SOL and other tokens.

According to crypto analyst and author @0xfoobar, the attacker is stealing both native tokens [SOL] and SPL tokens [USDC] and those particular wallets that have been inactive for more than 6 months.

Computer scientist and CEO of Ava Labs Emin Gün Sirer tweeted that the hacker has likely gained illegal access to private keys as the transactions were signed properly.

One expert flagged the attack as a possible nonce reuse bug in some signature library Solana projects. ” …this would allow any attacker looking at Solana to derive the private key regardless of where it was generated”, he added.

Nonce which stands for “number used once” implies that one is not supposed to reuse this number for different messages. Since the nonce used is always the same, a malicious actor can impersonate a trusted party by intercepting and recovering the authentication key.

Solana Price Drop By 10% In Response To The Attack

“We are evaluating the incident impacting Solana wallets and are working closely with other teams in the ecosystem to get to the bottom of this. We will issue an update once we gather more information,” a representative of Phantom said. “The team doesn’t believe this is a Phantom-specific issue at this time.”

The incident has caused SOL’s price to fall back by 10% within a few hours of the reports according to CoinMarketCap.

That said, DeFi protocol code auditor Foobar advised that the solution is to transfer assets into a hardware wallet that has never exposed a private key to potentially vulnerable browser extensions.

“Several have pointed out that transferring assets to a reliable CEX is another holdover strategy if you don’t have a hardware wallet. This is most approachable for less experienced users.”

Filed Under: Cyber Security, News Tagged With: Crypto Wallets, Hack, solana

Primary Sidebar

Recent Posts

  • Shiba Inu’s ShibaFest Will Reign Over Michigan August 18, 2022
  • Ethereum Merge: Talk of the town August 18, 2022
  • Solana wallet’s fool-proof plan to get rid of spam NFTs August 18, 2022
  • Coinbase Would Shutdown Ethereum Staking if Trouble Comes From the Regulators August 18, 2022
  • Cardano’s NFT project ups the ante with Snoop Dogg’s son August 18, 2022

Footer

News

  • Altcoin News
  • Bitcoin News
  • Blockchain
  • Tron News
  • World

Digest

  • Meet the Founder
  • Price Winning Article
  • DeFi
  • Cyber Security
  • Crypto Scam

Industry

  • Project Review
  • Technology
  • Fintech
  • Tron Exchange
  • New in Town

Tron Universe

  • Event and Tron Parties
  • New in Town
  • Tron Tokens

Follow Us

Subscribe US

Copyright © 2022 · Tron Weekly. All Rights Reserved. NOTE: Tron Weekly is an independent crypto news site that adheres to the strict journalism policy anchored on transparency, trust, and objectivity, we have no affiliation with the TRON Foundation, its founder Justin Sun or any other cryptocurrency firm.