According to blockchain analytics firm Elliptic, over 8,000 digital wallets had been emptied of little over $5.2 million in Solana tokens and USD Coin (USDC).
The (NYSE:TWTR) Solana Status Twitter account acknowledged the assault, stating that the issue had compromised about 7,767 wallets as of Wednesday morning. With 7,936 wallets, Elliptic’s estimate is somewhat higher.
Many users began reporting that assets housed in internet-connected wallets had been emptied of money as early as Tuesday evening.
Phantom, the provider of digital wallets, said it is looking into the “reported vulnerability in the Solana ecosystem” and does not believe it is a Phantom-specific issue.
The theft affected several wallets “across a broad variety of platforms,” according to blockchain audit company OtterSec. The transactions were signed by the genuine owners, according to OtterSec, “suggesting some type of private key breach.”
The fundamental source of the breach, according to Elliptic’s Tom Robinson, is unknown, but “it looks to be linked to a weakness in certain wallet software, rather than the solana blockchain itself.”
The attacker’s identity, as well as the exact reason of the attack, remain unclear.
“Create a fresh seed phrase instead than reusing your seed phrase on a hardware wallet. Wallets that have been drained should be deemed compromised and abandoned “Solana recommends.