The summer of 2022 is continuing to be a bit of a nightmare for cryptocurrency users after yet another hack resulted in the theft of at least $4 million worth of tokens.
This time around, it’s not a blockchain bridge that’s been compromised, but rather the Solana ecosystem. Solana is a blockchain similar to Ethereum and has been often described as the Ethereum killer. However someone started draining the tokens from thousands of wallets – with more than 8,000 wallets now thought to be affected.
“Over 8,000 #Solana wallets have fallen victim to the on-going hack, with more increasing by the minute,” reported crypto analysts WatcherGuru on Twitter (opens in new tab). The same analysts said the transactions were being signed by the actual owners, “suggesting some sort of private key compromise”.
Stablecoins affected, too
Initially, it was thought that just the Phantom Solana browser wallet was affected, but the problem seems to be a lot bigger, with MetaMask one of the most popular crypto wallets/browser add-ons, also affected.
“We are actively communicating with the affected wallet teams to offer our help and monitor if there is anything we can do to keep our users safer,” a MetaMask spokesperson told Decrypt.
Phantom said an investigation is underway. “We are working closely with other teams to get to the bottom of a reported vulnerability in the Solana ecosystem,” Phantom said via Twitter. “At this time, the team does not believe this is a Phantom-specific issue. As soon as we gather more information, we will issue an update.”
Indeed, some users confirmed tokens other than Solana have also been snatched, including USDC, a stablecoin whose value equals that of the US dollar.
Solana’s price fell almost 10% on the news within two hours of the compromise being reported.
It is still too early to say exactly what the underlying issue is, but experts seem to agree – the only way to stay safe right now is to move the funds into cold storage (an offline hardware wallet). Others have jokingly said that right now, the funds would be safer on an exchange, or a third-party custodial service. “Your keys, not your crypto,” one user joked.
The joke is related to a series of compromises and failures among various blockchain projects and custodial services, which left thousands of users without their hard-earned cryptos. Besides the Nomad bridge hack that happened only yesterday, earlier this year, both Voyager and Celsius, two major crypto custody firms, filed for Chapter 11 bankruptcy, preventing millions of users from accessing the tokens they had entrusted the platforms with.
“Not your keys, not your coins” is the usual mantra of experienced cryptocurrency users, who have seen their fair share of failed projects and lost funds over the years.
Via: Decrypt (opens in new tab)