Solana exploit enters second day as CEO points to attack on Apple hot wallets

Quick Take

  • As of 5 a.m. UTC on Wednesday, Solana said 7,767 wallets have been hit by hackers.
  • Solana Labs CEO Anatoly Yakovenko said it looked like a “supply chain attack” on iOS-based wallets.

A hack affecting the Solana ecosystem entered a second day on Wednesday, with no firm consensus on the source of the exploit or how it might be stopped. 

As of 5 a.m. UTC on Wednesday, the Layer 1 network said 7,767 wallets had been hit. A report from security firm Anchain estimated that more than $5 million in assets had been taken. 

While it’s not yet confirmed what may be responsible for the exploit, Solana Labs co-founder and CEO Anatoly Yakovenko said on Twitter the incident is likely a "supply chain attack" on wallets using Apple's iOS operating system.

Supply chain attacks happen when a hacker enters and modifies software by injecting their malicious code in a system. The code inserts can be employed to deliver a malicious payload or backdoor malware. In Solana's case, it’s possible that a hacker attacked its iOS wallet libraries to extract private keys, based on the team's analysis.

Yakovenko came to his conclusion based the fact that exploited wallets didn’t have prior interactions with dApps and had remained inactive for some time. This indicates that hackers may have extracted private keys from Solana’s hot wallets not with the usual phishing attacks carried out with malicious links.

Gaining access to private keys means the hackers had the ability to transfer out funds from hot wallets, including Phantom and Slope wallet services.

Start your day with the most influential events and analysis happening across the digital asset ecosystem.

By signing-up you agree to our Terms of Service and Privacy Policy
By signing-up you agree to our Terms of Service and Privacy Policy

Hot wallets are considered less secure than cold wallets as they stay connected to the internet. Cold wallets, meanwhile, store private keys within an offline hardware layer.

While more than 7,000 Solana wallets have been hit in this hack, that's a tiny fraction of the total. There were about 25 million active addresses on the network in July, according to data compiled by The Block. 

The Solana team previously stated that it had been working with engineers and several security firms to put its fingers on a definite vulnerability responsible for the incident. It also opened a survey to collect details on the 7,767 exploited wallets as it continues to look for further clues.


© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.