An unknown actor has drained over 8,000 internet-connected wallets in an ongoing attack on the Solana blockchain ecosystem. According to Blockchain auditor OtterSec, the attacks were still ongoing when it posted an update in the evening of August 2nd and that they had affected multiple wallets, including Phantom, Slope, Solflare and TrustWallet, across a wide variety of platforms.
As TechCrunch notes, the bad actor seems to have stolen both Solana tokens and USDC stablecoins, with the estimated losses so far amounting to around $8 million. OtterSec is now encouraging users to move all their assets to a hardware wallet, and the Solana Status Twitter account echoed that advice, adding that there's no evidence "cold" wallets have been impacted.
— OtterSec (@osec_io) August 3, 2022
The Solana Status account has also revealed that an exploit allowed a malicious actor to drain funds from the compromised wallets and that it seems to have affected both their mobile versions and extensions. Engineers from multiple ecosystems have already banded together to work with security researchers to identify the root cause of the exploit, which is yet to be discovered.
People in the crypto industry have several theories, though, with some believing that the bad actors got access to private keys through a supply chain attack, because the attacker was able to sign, or initiate and approve, transactions on behalf of the victims. Others warning that the exploit has caused the widespread compromise of private keys and that revoking wallet approvals won't help at all.