More crypto wallets are being hacked and drained

(Image credit: vjkombajn/Pixabay)

The summer of 2022 is continuing to be a bit of a nightmare for cryptocurrency users after yet another hack resulted in the theft of at least $4 million worth of tokens.

This time around, it’s not a blockchain bridge that’s been compromised, but rather the Solana ecosystem. Solana is a blockchain similar to Ethereum and has been often described as the Ethereum killer. However someone started draining the tokens from thousands of wallets - with more than 8,000 wallets now thought to be affected. 

“Over 8,000 #Solana wallets have fallen victim to the on-going hack, with more increasing by the minute,” reported crypto analysts WatcherGuru on Twitter. The same analysts said the transactions were being signed by the actual owners, “suggesting some sort of private key compromise”.

Stablecoins affected, too

Initially, it was thought that just the Phantom Solana browser wallet was affected, but the problem seems to be a lot bigger.

MetaMask, one of the biggest crypto wallets/browser addons out there, later reach out to confirm that the wallet's users were not affected by the hack:

“After investigation, we have determined that MetaMask users are not affected by this, wallet secrets stored in MetaMask remain secure and safe,” the spokesperson told us.

Phantom said an investigation is underway.  "We are working closely with other teams to get to the bottom of a reported vulnerability in the Solana ecosystem," Phantom said via Twitter. "At this time, the team does not believe this is a Phantom-specific issue. As soon as we gather more information, we will issue an update."

Indeed, some users confirmed tokens other than Solana have also been snatched, including USDC, a stablecoin whose value equals that of the US dollar.

Solana’s price fell almost 10% on the news within two hours of the compromise being reported.

It is still too early to say exactly what the underlying issue is, but experts seem to agree - the only way to stay safe right now is to move the funds into cold storage (an offline hardware wallet). Others have jokingly said that right now, the funds would be safer on an exchange, or a third-party custodial service. “Your keys, not your crypto,” one user joked.

The joke is related to a series of compromises and failures among various blockchain projects and custodial services, which left thousands of users without their hard-earned cryptos. Besides the Nomad bridge hack that happened only yesterday, earlier this year, both Voyager and Celsius, two major crypto custody firms, filed for Chapter 11 bankruptcy, preventing millions of users from accessing the tokens they had entrusted the platforms with. 

“Not your keys, not your coins” is the usual mantra of experienced cryptocurrency users, who have seen their fair share of failed projects and lost funds over the years.

Aug 4: Included a statement from MetaMask

Via: Decrypt

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.