Solana wallet Phantom user assets hacked, official: believe we are not the only ones experiencing issues


The Solana wallet Phantom has reportedly been hacked. Phantom is a browser extension and app built specifically for the Solana blockchain. Many Twitter users reported on the morning of 8/3 that assets in their Phantom wallets had been stolen. Venture capital partner Adam Cochran said that the incident does not appear to involve smart contracts, that only a few wallets were compromised, and that it is not limited to Phantom Wallet. He speculated that a malicious update in a shared code repository may have led to transactions being signed after the wallet was unlocked.

He believes this could explain the time discrepancies in the hacking cases and the diversity of victims. Issues on Solana are harder to pinpoint accurately because it does not have as much public infrastructure as Ethereum. He also mentioned that some believe it could have been an attack on a Trusted App, and if so, it is advisable to disable it early to reduce risks.

Audit firm OtterSec stated that over five thousand wallets have been compromised, all involving transactions signed by the wallets, similar to a private key leak. Cybersecurity company SlowMist mentioned that the hacked funds have all flowed to four specific addresses.


How to Protect Yourself?

The team at Solana NFT marketplace Magic Eden suggests the following best practices:

  • Go to the settings page of the Phantom Wallet
  • Choose Trusted App
  • Use Revoke Permissions to remove any suspicious links

Well-known Solana ecosystem game STEPN also responded by advising users who have imported external non-custodial wallets or exported non-custodial wallets from STEPN to check for any missing assets and move them out. It is recommended to generate a new non-custodial wallet in the STEPN App.

Phantom Official Response

The Phantom Wallet team stated that they are working closely with the community to investigate the reported Solana ecosystem vulnerabilities. At present, the team does not believe the issue is exclusive to Phantom. Updates will be provided as more information becomes available. The official Solana Status account said that investigations are ongoing and that 7,767 Slope and Phantom wallets are affected, including mobile apps and browser extensions, with no evidence that hardware wallets are impacted.

Solana Co-Founder Speculates iOS Supply Chain Attack

Solana co-founder Anatoly Yakovenko speculates that this appears to be an iOS supply chain attack. Several wallets only received SOL without any contract interaction and were still affected. Additionally, their private keys were generated externally and then imported into the iOS system.

Supply chain attacks are a method of spreading spyware, typically through a software product's official website or through software package repositories. Hackers usually target servers hosting well-known software websites, tamper with the software source code available for regular users to download, and distribute spyware to users who visit the website to download the software. Source: Wikipedia