{"id":480581,"date":"2022-08-03T05:19:37","date_gmt":"2022-08-03T02:19:37","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/ongoing-solana-based-wallet-hack-has-already-seen-millions-drained\/"},"modified":"2022-08-03T05:19:37","modified_gmt":"2022-08-03T02:19:37","slug":"ongoing-solana-based-wallet-hack-has-already-seen-millions-drained","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/ongoing-solana-based-wallet-hack-has-already-seen-millions-drained\/","title":{"rendered":"# Ongoing Solana-based wallet hack has already seen millions drained"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_84 counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<label for=\"ez-toc-cssicon-toggle-item-6a2de1c2425fb\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #dd3333;color:#dd3333\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #dd3333;color:#dd3333\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\"  id=\"ez-toc-cssicon-toggle-item-6a2de1c2425fb\" checked aria-label=\"Toggle\" \/><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-1'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/buradabiliyorum.com\/en\/ongoing-solana-based-wallet-hack-has-already-seen-millions-drained\/#%E2%80%9D_Ongoing_Solana-based_wallet_hack_has_already_seen_millions_drained_%E2%80%9C\" >&#8221; Ongoing Solana-based wallet hack has already seen millions drained  &#8220;<\/a><\/li><\/ul><\/nav><\/div>\n<h1><span class=\"ez-toc-section\" id=\"%E2%80%9D_Ongoing_Solana-based_wallet_hack_has_already_seen_millions_drained_%E2%80%9C\"><\/span>&#8221; Ongoing Solana-based wallet hack has already seen millions drained  &#8220;<span class=\"ez-toc-section-end\"><\/span><\/h1>\n<p><img decoding=\"async\" src=\"https:\/\/images.cointelegraph.com\/images\/840_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjItMDgvZDc0MWNiNTItMzIwZC00MjllLTlkMjEtY2RhZDAwMDIxMjA3LmpwZw==.jpg\" \/><\/p>\n<div class=\"post-content\" data-v-28d77a7a>A security vulnerability impacting the Solana ecosystem has reportedly seen millions in funds drained across a number of Solana-based wallets.<\/p>\n<p>At the time of writing, Solana (SOL) is currently trending on <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/social-mediaa\/\" data-internallinksmanager029f6b8e52c=\"1\" title=\"Social Media\" target=\"_blank\" rel=\"noopener\">Twitter<\/a> as countless users are either <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/search?q=Solana&amp;src=trend_click&amp;vertical=trends\">reporting<\/a> on the hack as it unfolds, or are reporting to have lost funds themselves, warning anyone with Solana-based hot wallets such as Phantom and Slope wallets to move their funds into cold wallets.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\"> IMPORTANT- please retweet and tag <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/phantom?ref_src=twsrc%5Etfw\">@phantom<\/a> and <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/solana?ref_src=twsrc%5Etfw\">@solana<\/a>  <\/p>\n<p>1. Many users are claiming they are getting notifications that they are sending tokens to an unknown address <\/p>\n<p>2. Common Denominator is that they have all been <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/phantom?ref_src=twsrc%5Etfw\">@phantom<\/a> wallets<\/p>\n<p>\u2014 Solar Dex (@solar_dex) <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/solar_dex\/status\/1554613678552522755?ref_src=twsrc%5Etfw\">August 2, 2022<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><br \/>\nSo far both Phantom, Slope, and Magic Eden\u00a0are among those that have commented on the issue, with wallet provider Phantom noting that it is working with other teams to get to the bottom of the issue, although it says it does not \u201cbelieve this is a Phantom-specific issue\u201d at this stage. <\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">We are working closely with other teams to get to the bottom of a reported vulnerability in the Solana ecosystem. At this time, the team does not believe this is a Phantom-specific issue. <\/p>\n<p>As soon as we gather more information, we will issue an update.<\/p>\n<p>\u2014 Phantom (@phantom) <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/phantom\/status\/1554626111535026177?ref_src=twsrc%5Etfw\">August 3, 2022<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Magic Eden <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/MagicEden\/status\/1554620084831674370\">confirmed<\/a> the reports by stating that \u201cseems to be a widespread SOL exploit at play that&#8217;s draining wallets throughout the ecosystem\u201d as it called on users to revoke permissions for any suspicious links in their Phantom wallets. <\/p>\n<p>Slope said it is currently working with Solana Labs and other Solana-based protocols to <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/slope_finance\/status\/1554647900130611203\">pinpoint<\/a> the issue and rectify it, though there were &#8220;no major breakthroughs yet.&#8221;<\/p>\n<p>Twitter user @nftpeasant has been following the incident closely, and according to their research via Solscan, around $6 million worth of funds have already been siphoned from Phantom wallets during a 10-minute period on August 2. In one instance it <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/download-scripts-themes-apps\/\" data-internallinksmanager029f6b8e52c=\"9\" title=\"Download Scripts &amp; Themes &amp; Apps\" target=\"_blank\" rel=\"noopener\">app<\/a>ears a Phantom wallet user had $500,000 worth of USDC drained from their account. <\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"qst\" dir=\"ltr\">???!!! <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/t.co\/sBDgxqGyaw\">https:\/\/t.co\/sBDgxqGyaw<\/a><\/p>\n<p>\u2014 Matthew Graham (@mattysino) <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/mattysino\/status\/1554612316079022080?ref_src=twsrc%5Etfw\">August 2, 2022<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Popular scam detective and self-described \u201con-chain sleuth\u201d @zachxbt also did some digging and revealed to their 274,800 followers that the hackers initially funded the primary wallet associated with this attack via Binance seven months ago. <\/p>\n<p><strong><em>Related: <\/em><\/strong><strong><em>Solana-based stablecoin NIRV drops 85% following $3.5M exploit<\/em><\/strong><\/p>\n<p>The transaction history shows that the wallet remained dormant until today before the hackers conducted transactions with four different wallets 10 minutes before the attack started. <\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">Scammers wallet funded via Binance 7 months ago<a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/t.co\/5gQbObcsg4\">https:\/\/t.co\/5gQbObcsg4<\/a> <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/t.co\/sco5SPBrne\">https:\/\/t.co\/sco5SPBrne<\/a> <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/t.co\/AL6Hm4F3R3\">pic.twitter.com\/AL6Hm4F3R3<\/a><\/p>\n<p>\u2014 ZachXBT (@zachxbt) <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/zachxbt\/status\/1554630366379626498?ref_src=twsrc%5Etfw\">August 3, 2022<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>There have also been different reports on how many wallets have been affected and the extent of the damage so far. <\/p>\n<p>Crypto tracking and compliance platform Mist Track stated via Twitter that as many as 8,000 wallets have been hacked, with $580 million sent to four addresses, however, comments on the post are skeptical about the number. <\/p>\n<p>Meanwhile, Ava Labs CEO and founder Emin Gun Sirer stated that the number was at 7,000 plus wallets, a number which is rising at around 20 per minute. He said he believes that as the transactions appear to be signed properly, &#8220;it is likely that the attacker has acquired access to private keys.&#8221;<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">There&#8217;s an ongoing attack targeting the Solana ecosystem right now. 7000+ wallets affected, and rising at 20\/min. Because it&#8217;s very early and the attack is ongoing, there&#8217;s a lot of misinformation and speculation. So here are a few thoughts and clarifications.<\/p>\n<p>\u2014 Emin G\u00fcn Sirer (@el33th4xor) <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/el33th4xor\/status\/1554656344036126720?ref_src=twsrc%5Etfw\">August 3, 2022<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Cointelegraph has reached out to Phantom for comment on the matter and will update the story if the firm responds. <\/p>\n<p><template data-name=\"subscription_form\" data-type=\"markets_outlook\"><\/template><\/div>\n<blockquote><p><strong><span style=\"color: #ff6600;\">If you liked the article, do not forget to share it with your friends. Follow us on\u00a0<span style=\"color: #ff0000;\"><a style=\"color: #ff0000;\" href=\"https:\/\/news.google.com\/publications\/CAAqBwgKMLG0nwswvr63Aw\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Google News<\/a><\/span>\u00a0too, click on the star and choose us from your favorites.<\/span><\/strong><\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\">For forums sites go to <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/forum.buradabiliyorum.com\/\" target=\"_blank\" rel=\"noopener\">Forum.BuradaBiliyorum.Com<\/a><\/span><\/strong>\n<\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\"><strong>If you want to read more <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/news\/\" data-internallinksmanager029f6b8e52c=\"2\" title=\"News\" target=\"_blank\" rel=\"noopener\">News<\/a> articles, you can visit our <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/en.buradabiliyorum.com\/general\/\" target=\"_blank\" rel=\"noopener\">General category.<\/a><\/span><\/strong><\/p>\n<\/blockquote>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/cointelegraph.com\/news\/ongoing-solana-based-wallet-hack-has-already-seen-millions-drained\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8221; Ongoing Solana-based wallet hack has already seen millions drained &#8220; A security vulnerability impacting the Solana ecosystem has reportedly seen millions in funds drained across a number of Solana-based wallets. At the time of writing, Solana (SOL) is currently trending on Twitter as countless users are either reporting on the hack as it unfolds,&#8230;<\/p>\n","protected":false},"author":1,"featured_media":480582,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/images.cointelegraph.com\/images\/1200_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjItMDgvZDc0MWNiNTItMzIwZC00MjllLTlkMjEtY2RhZDAwMDIxMjA3LmpwZw==.jpg","fifu_image_alt":"","footnotes":""},"categories":[1],"tags":[74894,74882,92498,74879,70944],"class_list":["post-480581","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-blockchain","tag-hacks","tag-solana","tag-wallet","tag-hackers"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/480581","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=480581"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/480581\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/480582"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=480581"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=480581"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=480581"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}