The Solana ecosystem experienced a massive hack that affected more than 8000 wallets. The hackers drained multiple tokens, such as SOL and USDC, from the wallets. The monetary impact of the attack, while still unclear, is estimated to be in the tens of millions. Phantom and Slope wallets have been massively affected.
According to Solana Status, many engineers and security firms are working to figure out what went wrong with the platform. While there are multiple theories, no consensus has been reached on the cause of the hack.
However, the experts do seem to agree that the hack has not affected anyone who stored their tokens in hardware wallets or exchanges.
What Went Wrong For Solana
Emin Gun Sirer, the CEO and founder of Ava Labs, revealed that despite the hack, the transactions appear to have been signed properly. Such a hack is only possible if the hacker has access to users’ private keys. Foobar, a popular crypto influencer and security auditor, also labeled the hacks as a “private key compromise”.
Both Sirer and foobar have mentioned a supply chain attack as a possible reason for the hack. A supply chain attack occurs when a malicious party breaches a system by way of the third-party services it relies on. However, Sirer dismissed any possibility of a faulty random number generator or a browser exploit.
Patrick O’Grady of Ava Labs said that the issue might be due to potential nonce reuse. This would allow a hacker to access the private keys of certain users.
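A defender's check for the nonce-reuse theory above, as an added example that is not part of the original article: Solana transactions are signed with Ed25519, whose 64-byte signature is R followed by S, so one signer showing the same R on two different messages points to a repeated nonce. The record layout, function name and all sample values are constructed for illustration.

```python
from collections import defaultdict


def find_nonce_reuse(records):
    """Flag signers whose signature R value repeats across different messages.

    records: iterable of (pubkey_hex, message_bytes, signature_hex).
    Returns a sorted list of (pubkey_hex, r_hex, distinct_message_count).
    """
    seen = defaultdict(set)  # (pubkey, R) -> distinct messages signed with that R
    for pubkey, message, sig_hex in records:
        sig = bytes.fromhex(sig_hex)
        if len(sig) != 64:
            raise ValueError("Ed25519 signature must be 64 bytes (R || S)")
        r = sig[:32]  # first half of the signature is the nonce commitment R
        seen[(pubkey.lower(), r)].add(bytes(message))
    # Ed25519 nonces are deterministic, so re-signing the SAME message yields
    # the same R legitimately. Only the same R on different messages is a finding.
    return sorted(
        (pubkey, r.hex(), len(messages))
        for (pubkey, r), messages in seen.items()
        if len(messages) > 1
    )


def _sig(r_byte, s_byte):
    # Constructed placeholder bytes, not a cryptographically valid signature.
    return (bytes([r_byte]) * 32 + bytes([s_byte]) * 32).hex()


ALICE = "aa" * 32  # constructed public keys
BOB = "bb" * 32
SAMPLE = [
    (ALICE, b"transfer 1", _sig(0x11, 0x01)),
    (ALICE, b"transfer 2", _sig(0x11, 0x02)),  # same R, new message: reuse
    (ALICE, b"transfer 3", _sig(0x12, 0x03)),
    (BOB, b"transfer 4", _sig(0x21, 0x04)),
    (BOB, b"transfer 4", _sig(0x21, 0x04)),    # identical resubmission: benign
    (BOB, b"transfer 5", _sig(0x11, 0x05)),    # other signer, tracked separately
]

if __name__ == "__main__":
    for pubkey, r_hex, count in find_nonce_reuse(SAMPLE):
        print(f"signer {pubkey[:8]}... reused R {r_hex[:8]}... on {count} messages")
```

A hit from this check means the affected key should be treated as compromised and its funds moved to a freshly generated key.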
How To Protect Yourself From a Solana-Like Hack
According to multiple reports, the hack has only affected users using certain wallets. There does not seem to be any impact on users storing their tokens on exchanges or hardware wallets.
However, both of the above approaches have their cons. Users of centralized exchanges usually lack autonomy over their assets, as the exchange could suspend withdrawals without any notice. On the other hand, hardware wallets could be quite expensive.
If you do not have access to either of those options, foobar has recommended limiting any upstream telemetry by switching off the device that holds your wallets.