Hackers targeting Solana steal millions of dollars worth of crypto tokens

At least $5 million worth of USDC, SOL, and other tokens were drained from thousands of user wallets, while the culprits remain at large.

Solana logo displayed on a phone screen and representation of cryptocurrencies are seen in this illu...
NurPhoto/NurPhoto/Getty Images

If there’s one crypto trend crypto overshadowing the industry’s sharp decline, it’s the amount of recent high-profile exploits, which have now compromised millions of dollars of users’ money. Hours after a decentralized hack on the Nomad bridge, a new exploit targeting Solana users has led to about $5 million (by some estimates, more than that) being drained from over 8,000 crypto wallets within the Solana ecosystem.

The bulk of the stolen tokens were concentrated in USDC (49.9 percent) and SOL (35.1 percent), making up about 85 percent of the multi-million dollar heist. Since the dust has settled, a breakdown on Solscan outlines the exploit in more granular detail. While there may have been more people involved in the theft, four wallets were identified gobbling up the stolen crypto tokens.

OtterSec, a blockchain auditing account on Twitter, noticed the illicit activity yesterday evening and pointed out that the transactions involving the transfer of unsuspecting user tokens were being approved by “the actual owners [of said accounts],” which implies that the group of malicious actors were able to access private keys for each of the compromised wallets.

How did it all go down? — As pointed out by Coindesk, the bulk of the victims were confined to mobile wallet users — these wallets were also designated as “hot wallets,” meaning they are constantly connected to the internet, so that transactions can be carried out at all times. “Cold wallets,” on the other hand, are physical USB drives, that must be plugged into a device in order to carry out transactions.

This convenience poses more security risks, considering updates to the code powering these digital tools are more frequent and thus, more accessible by hackers.

While the Solana blockchain itself was not compromised (the stolen funds most likely would have been much larger if this were the case), Phantom and Slope, two hot wallets that are popular on Solana, experienced the biggest losses.

Solana has now pointed out that the hackers were able to access the private key information, thereby allowing them to initiate and approve transactions as if they were the original account-holders, thanks to an inadvertent data leak “used in Slope mobile wallet applications.” Phantom had hinted at this last night in a tweet suggesting the company was not the original cause of the data compromise.

Regardless, accidental backend leaks are have been a stepping stone for widespread crypto exploits — and to potentially disastrous consequences. Blockchain-adjacent companies will either have to tighten up their products, or risk losing credibility.