Users of the Solana platform suffered from an attack that emptied about 8,000 cryptocurrency wallets containing millions of dollars. Apparently, specific wallets turned out to be vulnerable to a certain bug, and not blockchain or Solana cryptography.
The attack that occurred on August 3, 2022 affected both Solana’s native cryptocurrency (SOL) and other tokens compatible with the Solana blockchain, such as the USD Coin (USDC) stablecoin. The exact value of the stolen assets has not yet been established, but reports from independent analysts and information security companies such as PeckShield say that the losses are estimated at about $8,000,000.
Solana’s official Twitter account reports that the attack emptied about 8,000 wallets. At the same time, the exact cause of the incident has not yet been established.
At first it became known that the attack was not related to the code, cryptography and Solana blockchain, but was associated with some kind of error in the software used by several popular wallets. This version was indicated by the fact that the transactions were signed by the rightful owners, that is, the matter most likely was in the compromise of the private key.
Various information security experts have suggested that hackers could have access to such a large number of private keys through a supply chain attack, through some kind of 0-day vulnerability in the browser, or through a malfunctioning random number generator used in the key generation process. Another possible explanation was the nonce reuse attack.
However, according to the latest Solana Twitter updates, the explanation for what happened is simpler: all the affected addresses were somehow connected (created, imported or used) with Slope mobile wallet applications. At the same time, Solana developers emphasize that the attack did not affect hardware wallets.
Although the investigation of what happened has not yet been completed, the main version of what happened is as follows: information about private keys was mistakenly transmitted to the application monitoring service.
The developers of Slope have already confirmed the fact of the compromise, but so far they have not reported any technical details of what happened, referring to the still pending investigation.