Bitcoin News

Solana Hot Wallets Suffer Ongoing Attack, Roughly $5M Stolen Thus Far

We’re on the heels of cross-chain bridge Nomad suffering a demolishing hack earlier in the week, and now hackers are doubling down with an attack on Solana hot wallets midway through the week. On Tuesday afternoon, reports emerged of some sort of vulnerability affecting Solana-based wallets. Nearly 24 hours later, there are still quite a few unknowns, and the total is approaching $5M in stolen funds.

Let’s take a look at what we do know so far.

A Solana Scare

Nearly 10,000 wallets belonging to mobile users of both Slope and Phantom (two of the leading Solana wallets) fell victim to this week’s hack, in what is seemingly a result of poor user privacy management. While reputable users on crypto Twitter are still working on a post-mortem, a Dune Analytics dashboard created by @tristan0x shows how quickly things developed. Activity on Wednesday has been at a standstill, but it is still unclear whether this vulnerability remains active.

The general consensus on crypto Twitter thus far points to Slope as the first domino to fall here. The platform’s latest correspondence on Twitter, from Tuesday, states that they are “actively working to sort out the issue as rapidly as possible and rectify best we can.” On Wednesday, Slope released a message to users that was reposted by reputable crypto Twitter user foobar:

 

Despite abundant question marks around Solana security, the price of the SOL token has remained surprisingly strong. | Source: SOL-USD on TradingView.com

Crypto Vulnerabilities Run Rampant

So how did it all happen? Post-mortems from independent sleuths and other reputable sources in the space have yet to be released, but speculation has largely landed on some variation of a ‘software supply chain attack’ as the likely cause. In such an attack, attackers search far and wide for security vulnerabilities across network protocols, server infrastructure, and platform coding practices, then exploit whatever holes they find.

In this case, the root issue seems to lie within Slope, and some have even speculated that a malicious insider at Slope could be taking advantage of the platform’s practices. As foobar notes in the Twitter thread above, “compromised Phantom wallets came from seed…

Click Here to Read the Full Original Article at NewsBTC…