Millions worth of crypto assets reportedly drained from Solana-based wallets in exploit

Users of Solana-based wallets reportedly lost more than US$5 million in crypto assets on August 3 as a result of a massive hack on the Solana blockchain.

The affected platforms included crypto wallets such as Phantom and Slope, and other Solana-based services including NFT marketplace Magic Eden and move-to-earn game STEPN. 

According to Paladin Blockchain Security, a smart contract audit, the loss caused by the exploit was more than US$5 million and was still growing. 

The damage was initially thought to target Phantom’s systems, but Phantom announced that it was investigating the incident in cooperation with external parties and “does not believe it is Phantom-specific.” 

It was not immediately clear as to how the hack occurred. But there were suggestions that the exploit pointed to a vulnerability in the Solana Program Library (SPL) standard, a programming library issued on the Solana blockchain.

Phantom recommends users to erase previous apps from their settings as a measure of self-protection, while Magic Eden asks users to remove suspicious sites from previously authorised contracts in their wallets. It also recommends moving crypto assets to hardware wallets and centralised exchanges (CEX) other than Solana-based wallets, and revoking authorisation for wallets connected to apps and other applications.

Following the exploit, Solana’s prices dropped significantly. At 1:15pm (Japan Time), it was down to around US$38.

Hacks and exploits have become a concern among many users. In June, the Discord account of popular NFT collection Bored Ape Yacht Club (BAYC) was hacked, causing the loss of around 200 ETH (approximately US$328,428) worth of assets. This came after another attack on its Instagram account in April that resulted in a US$2.8 million loss in assets.