Hackers Exploit Solana Blockchain, $6mln+ Swindled from Phantom Wallets
Solana blockchain, which is perceived as the main rival to Ethereum Layer-1 blockchain, was under attack by hackers. Specifically, several thousands of Phantom wallets have lost their holdings to hackers. The latest estimates peg the hacked sum to a minimum of $6 million. With nearly 20 wallets getting compromised every minute, the total count of hacked wallets has risen to over 7000.
The aforesaid figures are not accurate and are yet to be revealed by the core Solana team. Experts have advised Solana investors to move their holdings to a hardware wallet or send them to an exchange. In the latest update, the core team of Solana stated that they are closely tracking the incident. Nevertheless, there is no proof of hacking of hardware wallets.
Solana’s statement reads as follows:
“Engineers from various domains, with support from numerous cybersecurity companies, are scrutinizing Solana’s hacked wallets. There is no proof of hacking of hardware wallets.”
Additionally, Phantom, the wallet serving Solana blockchain based DeFi and also NFTs, is also studying the issue. Notably, Phantom has pointed out that the exploit is not solely linked to its wallet. The official statement of Phantom reads as follows:
“We are in touch with rest of the teams to decipher the reason for the exploit in the Solana environment. As of now, the coders feel that the issue is not specific to Phantom. Once we collect more data, we will provide an update.”
In the past 12 months, the Solana blockchain platform has witnessed numerous hacking incidents. As a result, the reputation of the blockchain has been tarnished to a certain extent. The news of the latest hacking incident has triggered another sell-off of the SOL token. While preparing this report, Solana had lost 3.40% to trade at $39.20, reflecting a market cap of $13.56 billion.
Emin Gun Sirer, founder of Ava Labs shared his thought on the latest wallet hacking incident. He stated:
“A supply chain attack leading to compromise of the JS library and nabbing private keys of users could be a reason. The wallets which got compromised would have been created roughly in the last nine months.
Several individuals have pointed out a defective random number generator. This looks outdated. A decade back, possibly. We are aware of what should not be done during private key creation. Therefore, I would be taken aback if the swindler broke through due to the absence of entropy.”