Solana Attack Hits Over 7,000 Wallets in Hack—Every Affected Platform

More than 7,000 wallets have been drained of millions of dollars' worth of Solana and USD Coin (USDC) cryptocurrencies in a major internet attack that begun on Tuesday night.

The attack does not appear to be limited to Solana, with another user also reporting that his USDC balance had also been drained.

Some 7,767 Solana wallets have so been impacted, according to the company.

Florida bitcoin
A cryptocurrency ATM setup in a convenience store on May 12, 2022 in Miami, Florida. More than 7,000 wallets have been drained of millions of dollars’ worth of Solana and USDC cryptocurrencies in a major internet attack. Joe Raedle/Getty

What Is Solana?

Solana is a high-speed blockchain platform that mainly trades in native SOL cryptocurrency.

Following the attack, SOL's price plunged—it dropped from around $40 to $38.66 in eight hours.

When Was Solana Hacked?

The platform was hacked on Tuesday night but the attack is continuing. The source of the breach remains unknown, but it appeared to originate from the Solana browser wallet Phantom and was believed to be able to compromise user keys.

"Engineers from multiple ecosystems, with the help of several security firms, are investigating drained wallets on Solana. There is no evidence hardware wallets are impacted," Solana said on Twitter late Tuesday.

"Users are strongly encouraged to use hardware wallets. Do not re-use your seed phrase on a hardware wallet. Create a new seed phrase. Wallets drained should be treated as compromised, and abandoned," the company added.

What Wallets Have Had Funds Drained?

Watcher.Guru reported early Wednesday morning that more than $5 million had been stolen so far.

Among the wallets that have been drained include Phantom, Slope and TrustWallet.

"We are working closely with other teams to get to the bottom of a reported vulnerability in the Solana ecosystem," said Phantom. "At this time, the team does not believe this is a Phantom-specific issue."

Newsweek has contacted Phantom for an update.

One user on Twitter, called foobar, said the breach was affecting wallets that have been inactive for more than six months.

Magic Eden, a market place for non-fungible tokens (NFTs), confirmed the breach and said it "seems to be a widespread SOL exploit at play that's draining wallets throughout the ecosystem."

It implored users to revoke permissions for any suspicious links in their Phantom wallets.

Solana users have been advised to revoke access to everything and send all their cryptocurrency to a hardware wallet or a centralized custodial exchange as a temporary solution.

Other blockchains are working together to try and understand the cause of the hack and its extent.

"We are actively communicating with the affected wallet teams to offer our help and monitor if there is anything we can do to keep our users safer," a spokesperson for the Ethereum wallet MetaMask told Decrypt.