Solana is the latest victim of a crypto hack. An unknown attacker has drained thousands of internet-connected wallets, stealing millions in tokens. The hack is now being blamed on a supply chain attack on iOS and Android.
The attacker managed to steal not only Solana’s SOL token but also the USDC stablecoin, The Verge reported.
It is still unclear how much money was stolen. Analyst Miles Deutscher suggested that $6 million had been drained from wallets. However, security firm PeckShield estimated the loss at $8 million.
Solana’s Twitter account reported that the hack affected around 8,000 wallets. “Engineers from across several ecosystems, in conjunction with audit and security firms, continue to investigate the root cause of an incident,” the company noted.
Solana later said that affected addresses were created, imported, or used in Slope mobile wallet apps. “This exploit was isolated to one wallet on Solana, and hardware wallets used by Slope remain secure,” the latest update reads.
There is no evidence the Solana protocol or its cryptography was compromised.
— Solana Status (@SolanaStatus) August 3, 2022
Solana co-founder Anatoly Yakovenko suggested that it was a supply chain attack. The hack affected mostly Slope wallets on iOS and Android, but there were also a few users of another third-party mobile wallet, Phantom. However, Yakovenko noted that the attack happened due to Slope’s specific bug.
So far seems like phantom users also used slope. So seems more likely that this is a slope specific bug.
— SMS aey.sol, 🇺🇸 (@aeyakovenko) August 3, 2022
Many crypto games and apps using the Solana ecosystem also notified their users about the attack. The blockchain is currently used by STEPN, Genopets, DeFi Land, and others.
Attacks like these are common in the blockchain industry. Earlier this year, hackers stole over $600 million worth of crypto from Axie Infinity. It was later revealed that the hack happened due to a fake job posting on LinkedIn, which led to a Sky Mavis employee being compromised.