An unknown attacker has been draining wallets of Solana and USDC, per multiple reports on Twitter, following on the heels of the Nomad Token Bridge hack.
“Over 5,000 Solana wallets have been drained in the past few hours,” reported blockchain audit firm OtterSec. “These transactions are being signed by the actual owners, suggesting some sort of private key compromise.”
Initial reports singled out the Solana browser wallet Phantom and the Solana ecosystem. The news has already prompted an 8% drop in Solana’s value in the last two hours, as of this writing.
“There’s an unknown $SOL exploit currently draining random Phantom wallets,” said crypto investor and analyst Miles Deutscher. “$6m currently stolen. If you have funds on Phantom, make sure to revoke all permissions + move to a hardware wallet.”
There’s an unknown $SOL exploit currently draining random Phantom wallets right now. ⚠️
$6m currently stolen.
If you have funds on Phantom, make sure to revoke all permissions + move to a hardware wallet.
— Miles Deutscher (@milesdeutscher) August 3, 2022
Popular Solana NFT marketplace Magic Eden also took to Twitter to warn of the exploit.
“There seems to be a widespread SOL exploit at play that’s draining wallets throughout the ecosystem,” the account wrote. In the tweet, Magic Eden provided instructions to remove permissions for suspicious links.
🚨🚨🚨There seems to be a widespread SOL exploit at play that’s draining wallets throughout the ecosystem
Here’s what you can do right now to best protect yourself
1. Go to >Settings on your @phantom wallet
2. >Trusted Apps
3. >Revoke Permissions for any suspicious links
💜
— Magic Ethen 🪄 (@MagicEden) August 3, 2022
Phantom says it is investigating the reported exploits.
“We are working closely with other teams to get to the bottom of a reported vulnerability in the Solana ecosystem,” Phantom tweeted. “At this time, the team does not believe this is a Phantom-specific issue. As soon as we gather more information, we will issue an update.”
We are working closely with other teams to get to the bottom of a reported vulnerability in the Solana ecosystem. At this time, the team does not believe this is a Phantom-specific issue.
As soon as we gather more information, we will issue an update.
— Phantom (@phantom) August 3, 2022
But the attack does not appear to be limited to Solana. Another user reported his USDC balance was drained as well.
Just had my USDC drained AMA🙁
— Justin.sol (@JustinBarlow) August 3, 2022
Twitter user Justin”Justin.sol” Barlow posted: “My ERC-20 and SPL USDC held on both @slope_finance and @TrustWallet were drained.”
For reference I haven’t interacted with any contracts at all in ~40 days. My ERC-20 and SPL USDC held on both @slope_finance and @TrustWallet were drained
— Justin.sol (@JustinBarlow) August 3, 2022
This is a developing story and will be updated as details emerge.
Stay on top of crypto news, get daily updates in your inbox.
Source: https://decrypt.co/106590/multiple-wallets-including-sol-and-usdc-drained-in-unfolding-attack