<p><span style="font-weight: 400;">A hack affecting the Solana ecosystem entered a <a href="https://www.theblock.co/post/161115/more-than-5000-wallets-drained-in-apparent-exploit-on-solana-network">second day</a> on Wednesday, with no firm consensus on the source of the exploit or how it might be stopped. </span></p> <p><span style="font-weight: 400;">As of 5 a.m. UTC on Wednesday, the Layer 1 network <a href="https://twitter.com/SolanaStatus/status/1554721709357498368">said</a> 7,767 wallets had been hit. A report from security firm Anchain <a href="https://twitter.com/AnChainAI/status/1554650825493868544">estimated</a> that more than $5 million in assets had been taken. </span></p> <p><span style="font-weight: 400;">While it’s not yet confirmed what may be responsible for the exploit, Solana Labs co-founder and CEO Anatoly Yakovenko <a href="https://twitter.com/aeyakovenko/status/1554745536741138433">said</a> on Twitter the incident is likely a "supply chain attack" on wallets using Apple's iOS operating system.</span></p> <p><span style="font-weight: 400;">Supply chain attacks happen when a hacker enters and modifies software by injecting their malicious code in a system. The code inserts can be employed to deliver a malicious payload or backdoor malware. In Solana's case, it’s possible that a hacker attacked its iOS wallet libraries to extract private keys, based on the team's analysis.</span></p> <p><span style="font-weight: 400;">Yakovenko came to his conclusion based the fact that exploited wallets didn’t have prior interactions with dApps and had remained inactive for some time. This indicates that hackers may have extracted private keys from Solana’s hot wallets not with the usual phishing attacks carried out with malicious links.</span></p> <p><span style="font-weight: 400;">Gaining access to private keys means the hackers had the ability to transfer out funds from hot wallets, including Phantom and Slope wallet services.</span></p> <p><span style="font-weight: 400;">Hot wallets are considered less secure than cold wallets as they stay connected to the internet. Cold wallets, meanwhile, store private keys within an offline hardware layer.</span></p> <p>While more than 7,000 Solana wallets have been hit in this hack, that's a tiny fraction of the total. There were about 25 million active addresses on the network in July, according to data compiled by The Block. </p> <p><iframe frameborder="0" height="420" src="https://embed.theblockcrypto.com/data/on-chain-metrics/solana/number-of-active-addresses-on-the-solana-network-monthly/embed" title="Number of Active Addresses on the Solana Network (Monthly)" width="100%"></iframe></p> <p><span style="font-weight: 400;">The Solana team previously stated that it had been working with engineers and several security firms to put its fingers on a definite vulnerability responsible for the incident. It also opened a survey to collect details on the 7,767 exploited wallets as it continues to look for further clues.</span></p> <p>&nbsp;</p><br /><span class="copyright"><p>© 2023 The Block Crypto, Inc. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.</p> </span>