{"id":65266,"date":"2022-08-03T09:03:21","date_gmt":"2022-08-03T06:03:21","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=65266"},"modified":"2025-09-06T18:59:26","modified_gmt":"2025-09-06T15:59:26","slug":"hackers-breach-around-8000-solana-wallets-siphoning-off-millions-of-dollars","status":"publish","type":"post","link":"https:\/\/u1f987.com\/en\/hackers-breach-around-8000-solana-wallets-siphoning-off-millions-of-dollars\/","title":{"rendered":"Hackers breach around 8,000 Solana wallets, siphoning off millions of dollars"},"content":{"rendered":"<p>Unknown actors gained access to the funds belonging to Solana-based wallet owners, siphoning off millions of dollars.<\/p>\n<blockquote class=\\\"twitter-tweet\\\">\n<p lang=\\\"en\\\" dir=\\\"ltr\\\">An exploit allowed a malicious actor to drain funds from a number of wallets on Solana. As of 5am UTC approximately 7,767 wallets have been affected. <\/p>\n<p>The exploit has affected several wallets, including Slope and Phantom. This appears to have affected both mobile and extension.<\/p>\n<p>\u2014 Solana Status (@SolanaStatus) <a href=\\\"https:\/\/twitter.com\/SolanaStatus\/status\/1554695981781901312?ref_src=twsrc%5Etfw\\\">August 3, 2022<\/a><\/p><\/blockquote>\n<p> <script async=\\\"\\\" src=\\\"https:\/\/platform.twitter.com\/widgets.js\\\" charset=\\\"utf-8\\\"><\/script><\/p>\n<p>Initially, blockchain-auditor OtterSec reported the depletion of more than 5,000 wallets within hours. The transactions were signed by the owners, which, according to researchers, suggests a private-key compromise.<\/p>\n<blockquote class=\\\"twitter-tweet\\\">\n<p lang=\\\"en\\\" dir=\\\"ltr\\\">These transactions are being signed by the actual owners, suggesting some sort of private key compromise. <a href=\\\"https:\/\/t.co\/UTMq4NWErd\\\">pic.twitter.com\/UTMq4NWErd<\/a><\/p>\n<p>\u2014 OtterSec (@osec_io) <a href=\\\"https:\/\/twitter.com\/osec_io\/status\/1554630846686306304?ref_src=twsrc%5Etfw\\\">August 3, 2022<\/a><\/p><\/blockquote>\n<p> <script async=\\\"\\\" src=\\\"https:\/\/platform.twitter.com\/widgets.js\\\" charset=\\\"utf-8\\\"><\/script><\/p>\n<p>PeckShield specialists preliminarily estimated losses at $8 million.<\/p>\n<blockquote class=\\\"twitter-tweet\\\">\n<p lang=\\\"en\\\" dir=\\\"ltr\\\"><a href=\\\"https:\/\/twitter.com\/hashtag\/PeckShieldAlert?src=hash&#038;ref_src=twsrc%5Etfw\\\">#PeckShieldAlert<\/a> The widespread hack on Solana wallets is likely due to the supply chain issue exploited to steal\/uncover user private keys behind affects wallets. So far, the loss is estimated to be $8M, excluding one illiquid shitcoin (only has 30 holds &#038; maybe misvalued $570M) <a href=\\\"https:\/\/t.co\/aTGNsTc6d8\\\">pic.twitter.com\/aTGNsTc6d8<\/a><\/p>\n<p>\u2014 PeckShieldAlert (@PeckShieldAlert) <a href=\\\"https:\/\/twitter.com\/PeckShieldAlert\/status\/1554674781383180289?ref_src=twsrc%5Etfw\\\">August 3, 2022<\/a><\/p><\/blockquote>\n<p> <script async=\\\"\\\" src=\\\"https:\/\/platform.twitter.com\/widgets.js\\\" charset=\\\"utf-8\\\"><\/script><\/p>\n<p>According to <a href=\\\"https:\/\/hub.elliptic.co\/analysis\/over-5-million-drained-in-solana-wallet-exploit\/\\\">Elliptic<\/a>, during the attack hackers stole more than $5.2 million in SOL tokens, over 300 Solana-based tokens, and NFTs.<\/p>\n<p>Some reports indicate that wallets that had been inactive for more than six months were hardest hit.<\/p>\n<blockquote class=\\\"twitter-tweet\\\">\n<p lang=\\\"en\\\" dir=\\\"ltr\\\">\ud83d\udea8 Widespread Solana private key compromise \ud83d\udea8<\/p>\n<p>\u2014 attacker is stealing both native tokens (SOL) and SPL tokens (USDC)<br \/>\u2014 affecting wallets that have been inactive for >6 months<br \/>\u2014 both Phantom &#038; Slope wallets reportedly drained <a href=\\\"https:\/\/t.co\/AkZXOGLD0Q\\\">pic.twitter.com\/AkZXOGLD0Q<\/a><\/p>\n<p>\u2014 foobar (@0xfoobar) <a href=\\\"https:\/\/twitter.com\/0xfoobar\/status\/1554627762807349249?ref_src=twsrc%5Etfw\\\">August 3, 2022<\/a><\/p><\/blockquote>\n<p> <script async=\\\"\\\" src=\\\"https:\/\/platform.twitter.com\/widgets.js\\\" charset=\\\"utf-8\\\"><\/script><\/p>\n<p>The attack affected wallets <a href=\\\"https:\/\/twitter.com\/EowynChen\/status\/1554652888202448896\\\">Trust Wallet<\/a>, <a href=\\\"https:\/\/twitter.com\/phantom\/status\/1554626111535026177\\\">Phantom<\/a> and <a href=\\\"https:\/\/twitter.com\/slope_finance\/status\/1554643718275305473\\\">Slope<\/a>. In Solana, users were urged to transfer assets to hardware wallets. Binance chief Changpeng Zhao also advised moving assets to cold wallets or centralized exchanges.<\/p>\n<p>As of writing, the cause of the breach was unknown. Preliminary reports indicate that attackers exploited a vulnerability.<\/p>\n<p>According to <a href=\\\"https:\/\/www.coingecko.com\/en\/coins\/solana\\\">CoinGecko<\/a>, in the wake of the hack, the SOL token fell by 4.6%.<\/p>\n<p>Atlas VPN notes that in the first half of 2022, hackers <a href=\"https:\/\/u1f987.com\/en\/news\/hackers-stole-almost-2-billion-from-crypto-projects-in-the-first-half-of-2022\">stole almost $2 billion from crypto projects<\/a>.<\/p>\n<p>Read ForkLog&#8217;s Bitcoin news in our <a href=\\\"\/\/telegram.me\/forklog\\\" target=\\\"\u201c_blank\u201d\\\" rel=\\\"\u201cnofollow\u201d noopener\\\">Telegram<\/a> \u2014 cryptocurrency news, prices and analytics.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Unknown actors gained access to the funds of Solana-based wallet owners, siphoning off millions of dollars.<\/p>\n","protected":false},"author":1,"featured_media":65267,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1154,1159],"class_list":["post-65266","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-crimes","tag-solana-sol"],"aioseo_notices":[],"amp_enabled":true,"views":"27","promo_type":"1","layout_type":"1","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/65266","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/comments?post=65266"}],"version-history":[{"count":1,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/65266\/revisions"}],"predecessor-version":[{"id":65268,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/65266\/revisions\/65268"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media\/65267"}],"wp:attachment":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media?parent=65266"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/categories?post=65266"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/tags?post=65266"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}