The Solana blockchain protocol was attacked by hackers, who stole cryptocurrency from hundreds of “hot” wallets that were online. Given the accolades Solana has received as one of the quicker and most affordable ecosystems for trading digital assets, even though such attacks are prevalent among blockchain platforms, the news is nevertheless important.
Both Solana’s own cryptocurrency (SOL) and others that are compatible with the Solana blockchain, such as the stablecoin USD Coin, appear to have been stolen by hackers (USDC). The value of the assets taken is unknown at this time because the attack is still going on, however estimates from unbiased analysts and security companies like PeckShield put the losses as high as $8 million.
In the past, Solana has faced with security issues, such as bot spam and DDoS attempts that have been documented. It is also accepting reservations for the Saga phone, which it claims will go on sale next year and will include built-in support for the network’s decentralised apps.
According to Solana’s official Twitter account, approximately 8,000 wallets, including those run by Phantom and Slope, appear to have been impacted by the attack (up from 7,767 earlier). Although the business did not provide an explanation for the attack, it did state that there was no proof that hardware wallets, or those not linked to the internet, had been impacted.
This does not seem to be a flaw in the Solana core code, but rather in software utilised by numerous software wallets that are well-liked by network users, according to a tweet from the firm.
But Solana co-founder Anatoly Yakovenko went into further detail on Twitter, saying that the hack appeared to be a chain effect attack that targeted both devices running iOS and Android Solana Wallet applications (the attackers seemed to have exploited some flaw/bug in intermediary software component that gave them access to this). Blockchain news tracker Startup Dope notes that since the transactions are signed using the users’ private keys, it is likely that the attackers have somehow obtained access to the seed phrase that is intended to protect the users’ wallets.