Solana, a popular blockchain known for its speedy transactions, has been victim of yet another crypto hack, with users reporting that their funds have been stolen from internet-connected Solana “hot” wallets, including Phantom, Slope and TrustWallet.
According to Solana’s account on Twitter, approximately 7,767 wallets have been affected, impacting both users of mobile and browser extensions. There is no evidence hardware wallets were impacted, Solana said.
At the same time, blockchain security firm MistTrack reported that more than 8,000 wallets have been affected. So far, the loss is estimated to be more than $8 million. A number of Solana addresses have been linked to the attack, with those addresses amassing around $5 million worth of SOL, SPL, and other Solana-based tokens.
Wallets drained should be treated as compromised and abandoned, Solana warned as it encouraged users to switch to hardware or “cold” wallets.
The exact cause of the hack is unclear at this point, though some experts suggest that given that transactions were properly signed, a supply chain attack could be involved that managed to steal users’ private keys.
It’s also not clear, if the vulnerability is limited only to the Solana blockchain. A TrustWallet and Slope wallet user reported losing USDC on both Solana and Ethereum.
The developers of Phantom wallet said that they are “working closely with other teams to get to the bottom of a reported vulnerability in the Solana ecosystem.” The team said they don’t believe this is a Phantom-specific issue.
The news of the Solana attack comes less than a day after a similar incident affecting the Nomad bridge has been reported, in which attackers drained almost all the funds in the wallet. According to estimates, the total value of cryptocurrency stolen in the attack is close to $200 million.