
Solana, the Great Drain: over 7,000 wallets dried up, one of the biggest attacks in crypto history


In recent hours, a malicious actor has exploited an unspecified vulnerability to drain over 7,000 wallets on the Solana network, the most popular alternative cryptocurrency to Ethereum. As of this writing, how this unprecedented attack was carried out is not well understood.

Hundreds of accounts from victims have spread on Twitter: some users lost thousands of euros in a short time. In at least one case, more than $500,000 was stolen. In the past this kind of theft was usually associated with reckless user behavior, but this time it seems that wallets are being emptied without the victim having made any significant misstep, such as clicking a malicious link or authorizing an untrustworthy dApp.

Crypto influencer Kiyomi posted a long Twitter thread with all the information currently available on what has already been dubbed 'The Great Drain':

  • Over 7,000 wallets are affected. In just a few hours, the hackers drained the equivalent of over $7 million
  • Most of the users involved used the Phantom and Slope wallets
  • Hackers may have exploited a 'supply-chain' problem. In other words: a vulnerability not so much in Phantom and Slope themselves as in the open source code used by these and many other browser extensions. Pending further developments, however, this is only a hypothesis.

How to secure your Solana holdings while waiting to find out what is going on

Magic Eden, the most important NFT marketplace in the Solana ecosystem, advised all users to transfer all their assets to a new wallet. If possible, users should use what is known in the jargon as a 'cold wallet', that is, a hardware wallet that is not connected to the web. Phantom, by contrast, is a hot wallet: it is the most popular one for Solana and is available both as an app for Android and iOS and as a browser extension.

If you don’t need to manage dozens of different cryptocurrencies, we suggest you rely on the Ledger Nano S Plus wallet, one of the best in terms of value for money.

Until the funds can be transferred to a cold wallet, it is essential that users remove every single authorization granted by their Phantom wallet. Given the extraordinary nature of the situation, it is imperative to also remove the authorizations for sites and dApps that are generally considered reliable, such as Magic Eden, Matrica and Mercury. As far as we know, one or more of these sites may have been compromised.

