Solana exploit enters second day as CEO points to attack on Apple hot wallets

Quick Take

  • As of 5 a.m. UTC on Wednesday, Solana said 7,767 wallets have been hit by hackers.
  • Solana Labs CEO Anatoly Yakovenko said it looked like a “supply chain attack” on iOS-based wallets.

A hack affecting the Solana ecosystem entered a second day on Wednesday, with no firm consensus on the source of the exploit or how it might be stopped. 

As of 5 a.m. UTC on Wednesday, the Layer 1 network said 7,767 wallets had been hit. A report from security firm Anchain estimated that more than $5 million in assets had been taken. 

While it’s not yet confirmed what may be responsible for the exploit, Solana Labs co-founder and CEO Anatoly Yakovenko said on Twitter the incident is likely a "supply chain attack" on wallets using Apple's iOS operating system.

Supply chain attacks happen when a hacker gains access to software and modifies it by injecting malicious code. The inserted code can be used to deliver a malicious payload or backdoor malware. In Solana's case, it’s possible that a hacker attacked its iOS wallet libraries to extract private keys, based on the team's analysis.

Yakovenko came to his conclusion based on the fact that the exploited wallets had no prior interactions with dApps and had remained inactive for some time. This indicates that hackers may have extracted private keys from Solana’s hot wallets by some means other than the usual phishing attacks carried out with malicious links.

Gaining access to private keys means the hackers had the ability to transfer out funds from hot wallets, including Phantom and Slope wallet services.

Hot wallets are considered less secure than cold wallets as they stay connected to the internet. Cold wallets, meanwhile, store private keys within an offline hardware layer.

While more than 7,000 Solana wallets have been hit in this hack, that's a tiny fraction of the total. There were about 25 million active addresses on the network in July, according to data compiled by The Block. 

The Solana team previously stated that it had been working with engineers and several security firms to pinpoint the specific vulnerability responsible for the incident. It also opened a survey to collect details on the 7,767 exploited wallets as it continues to look for further clues.

 


© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

About Author

Vishal Chawla is The Block’s crypto ecosystems editor and has spent over six years covering tech protocols, cybersecurity, artificial intelligence and cloud computing. Vishal likes to delve deep into blockchain intricacies to ensure readers are well-informed about the continuously evolving crypto landscape. He is also a staunch advocate for rigorous security practices in the space. Before joining The Block, Vishal held positions at IDG ComputerWorld, CIO, and Crypto Briefing. He can be reached on Twitter at @vishal4c and via email.