Solana’s official Twitter account said that approximately 7,767 wallets had been affected by the attack, including those operated by third-parties Phantom and Slope. The company did not explain the cause of the attack, but noted that there was no evidence that hardware wallets (those not connected to the internet) had been affected.
“Engineers are currently working with multiple security researchers and ecosystem teams to identify the root cause of the exploit, which is unknown at this time,” said the company in a tweet.
An exploit allowed a malicious actor to drain funds from a number of wallets on Solana. As of 5am UTC approximately 7,767 wallets have been affected.— Solana Status (@SolanaStatus) August 3, 2022
The exploit has affected several wallets, including Slope and Phantom. This appears to have affected both mobile and extension.
On Twitter, however, Solana’s co-founder Anatoly Yakovenko went into a little more detail, suggesting the hack seemed like a supply chain attack targeting both iOS and Android applications (meaning that the attackers exploited some weakness in connected apps or browser extensions).
It seems hackers have been able to steal both Solana’s own cryptocurrency (SOL) and some compatible with the Solana blockchain, like the stablecoin USD Coin (USDC). As the attack is ongoing, the value of the assets stolen is not clear, but reports from independent analysts and security firms suggest it is currently in the high single-digit millions of dollars.