More than 8000 “hot” Solana wallets have been compromised. The modus operandi of the attack remains unknown and millions of dollars are being siphoned off as of this writing.
hack in progress
The wallets concerned are Phantom, Slope and TrustWallet… Several addresses are involved in this hack which is getting worse every minute. The latter received funds seven months ago from Binance. Either after the exchange has set up the KYC procedure. It’s a start…
The equivalent of eight million dollars in SOL, SPL and other Solana-backed tokens. This figure increases from hour to hour.
The origin of this hack remains mysterious for the moment. The Phantom wallet has let it be known that the flaw does not seem to come from them:
The wisest for the moment is to transfer all your SOL to a “cold” wallet. As a reminder, a hot wallet is a wallet that does not belong to you. This is the case if you deposit your SOLs on an exchange or an obscure protocol such as phantom.
In other words, the private key does not belong to you. “Not your key, not your bitcoin”, as maximalists often remind us.
Those responsible for this hack somehow gained access to the private keys that allow them to “sign” transactions. We also recommend disabling all app permissions connected to your Phantom Wallet and others.
This hack comes barely two days after that of the NOMAD application. This protocol allows users to transfer tokens between blockchains. The famous ” bridge which are almost always the source of hacks. According to the blockchain analysis company Elliptic, more than a billion dollars were stolen via these “bridges” in 2022…
The equivalent of 190 million dollars (in Ethereum and USDC) were stolen… Ethereum would again be affected by the hack if we are to believe Austin Federa, spokesperson for Solana:
This is what happens when you keep changing protocols and creating gasworks of smart contracts connecting multiple programming languages. Flaws are multiplying and inevitably causing tragedies.
“Crypto” looks a little more like a giant scam every day under cover of empty “technological innovations” surfing on the mirage of “web 3” and other chimeras. It is time for developers to go through the prison box.
Receive a digest of news in the world of cryptocurrencies by subscribing to our new daily and weekly newsletter service so you don’t miss any of the essential Tremplin.io!