Late Tuesday, Solana tweeted that it was “investigating” the hack with the help of security firms, adding that hardware wallets and wallets not connected online were not affected (really, who woulda’ thought). The company further said that any wallet that was drained should be considered “compromised” and should be set adrift, burned, or whatever other way users wish to say goodbye to their crypto.
Hackers apparently were able to claim the network’s own crypto token SOL as well as USD stablecoin from users’ wallets.
Users were advised to move their assets to a “cold” hardware wallet, rather than leaving them exposed to the crypto pirates still lurking offshore. White hat hackers are apparently DDoSing their own servers to slow down the hack, according to Solana’s Reddit page, though it seems most of its RPC servers are back online. Solana also posted a survey for users who say their accounts were affected.
Solana co-founder Anatoly Yakovenko wrote that the attack could be connected to Android and iOS apps, where attackers exploited some weakness in the supply chain to gain access to users’ crypto. In his Twitter thread, he pointed a trembling finger at Apple and Google for security breaches, though of course Yakovenko admitted they haven’t narrowed it down to any connected app.
But blockchain audit firm OtterSec wrote that the attacker was apparently signing transactions with the wallets’ actual keys, suggesting that users’ private keys had been compromised. According to BleepingComputer, that could mean a supply chain attack, but it could also be a zero-day flaw in browsers, or even a fault in the process that generates users’ passcodes.
Of course, we won’t know until the hack is done with and the Solana devs are left standing upon their field of broken glass.