Multiple Solana addresses have succumbed to a widespread attack, as private keys to several wallets have been compromised. Users claim that their wallet funds have been removed without their involvement, more than $8 million worth of SOL, SPL, and other tokens have been siphoned out.
Funds have been transferred to the following 4 addresses:
1:Htp9MGP8Tig923ZFY7Qf2zzbMUmYneFRAhSp7vSg4wxV;
2:CEzN7mqP9xoxn2HdyW6fjEJ73t7qaX9Rp2zyS6hb3iEu;
3:5WwBYgQG6BdErM2nNNyUmQXfcUnB68b6kesxBywh1J3n;
4:GeEccGJ9BEzVbVor1njkBCCiqXJbXVeDHaXDCrBDbmuy.
This article will continue to update:
21:08 UTC (3 August)
Slope Finance declare it will try best to solve &rectify the situation
Slope: No personal data will be stored on centralized servers, internal investigations and audits underway
20:05 UTC (3 August)
Solana Status claims it was Slope who may be responsible for this accident
08:39 UTC (3 August)
Laine repeated that the attack may still underway.
08:26 UTC(3 August)
@aeyakovenko, co-founder of Solana Labs, tweeted that the attack may target on iOS equipments.
07:39 UTC(3 August)
Move to Earn app Walken declare it was back on tack
06:48 UTC(3 August)
StepN declare it move their Treasury fund to cold wallet.
06:37 UTC (3August)
Solana Status invites those impacted to fill out a survey.
06:47 UTC(3 August)
Walken declare it will fail to load at the moment
06:32 ET (3 August)
Alavanche founder Emin Gün Sirer believe the attack was continuing.
05:57 UTC(3 August)
Laine cautioned that this has nothing to do with authorization. They also recommended users to transfer tokens to CEX or Solana CLI.
05:09UST (3 August)
Solana Status claimed to have discovered a vulnerability that allows malicious actors to steal funds from multiple Solana wallets. As of 01:00 today, approximately 7767 wallets were affected.
00:38UST (3 August)
Well-known developer @0xfoobar said that in addition to Phantom, Slope wallet users have also reported theft, and attacker is stealing both native tokens (SOL) and SPL tokens (USDC). @0xfoobar believe it might have been an upstream dependency supply chain attack.
00:38UST (3 August)
Solana Status stated that there is currently no evidence that hardware wallets will be affected, and follow-up information will be released as soon as the investigation progresses.
00:50UST (3 August)
OtterSec confirmed 5000 have been drained, they added: the attacker is signing for the actual keys, meaning it’s not just a delegate issue.
00:33UST (3 August)
STEPN posted an urgent notice of Solana
00:32 UST (3 August)
Phantom, with the largest SOL users, is actively looking for the solution, and they do not believe it is their problem:
00:08 UST (3 August)
Magic Eden warned that there seems to be a widespread SOL exploit at play that's draining wallets throughout the ecosystem
13:13 UTC (3 August)
Solana Status tweeted that engineers from across several ecosystems, in conjunction with audit and security firms, continue to investigate the root cause of an incident that resulted in approximately 8,000 wallets being drained. This does not appear to be a bug with Solana core code, but in software used by several software wallets popular among users of the network.
