
Solana wallet continues to be attacked by hackers and there is no sign of slowing down yet

Anatoly 2025-9-29 17:32 59429 views SOL

Latest update: Solana ecosystem participant @SolportTom said: Wallets are still being drained and there are no signs of slowing down. A contract-level vulnerability was ruled out, and it appears this person had seed-level access.

So far, the estimated damage is $8 million.

Additionally, the Solana RPC node appears to have stopped serving requests, and users' wallets or block explorers may not be loading right now. After verification by Golden Finance, the address of the suspected hacker that was previously exposed is no longer searchable.





On August 3, Solana wallet Phantom was suspected of being hacked, and multiple users reported that their funds were depleted without their knowledge.

According to the community announcement, four suspicious wallets have been exposed so far, and the stolen funds include US$1.645 million in SOL and US$576 million in SPL tokens, and the number is still increasing:

5WwBYgQG6BdErM2nNNyUmQXfcUnB68b6kesxBywh1J3n



GeEccGJ9BEzVbVor1njkBCCiqXJbXVeDHaXDCrBDbmuy



Htp9MGP8Tig923ZFY7Qf2zzbMUmYneFRAhSp7vSg4wxV



CEzN7mqP9xoxn2HdyW6fjEJ73t7qaX9Rp2zyS6hb3iEu



Phantom responded that it is working closely with other teams to identify a reported vulnerability in the Solana ecosystem. At this time, the team does not believe this is a Phantom-specific issue. An update will be posted once more information is gathered.

Some users suspect the hack may be related to transactions on Magic Eden's Solana-based NFT marketplace. Magic Eden reminds users to apply the following settings to protect personal assets: 1. Enter the Phantom wallet settings page; 2. Click on Trusted Apps; 3. Revoke permissions from any suspicious links.

Solana ecosystem participant @SolportTom said that as far as we know, no minting occurred during the drain. The transactions look like normal transfers, not transfers from a contract. This is about the entire ecosystem, presumably related to gambling services.

Crypto KOL 0xfoobar's analysis is that attackers are stealing SOL and SPL tokens, and that the attack affects wallets that have been idle for more than 6 months. Both Phantom and Slope wallets are depleted. 0xfoobar stated that the cause of the exploit is unknown and may be an upstream supply chain attack, and that revoking approvals may not help. Why doesn't revoking approvals help? Because these SOL and SPL token transfers are signed by the users themselves, rather than by a third party approved by the user. So while an individual can revoke approvals, it's likely that something led to a widespread private key compromise.
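The owner-signed versus delegate-signed distinction described above can be checked per transfer during incident triage. The following is an added example, not code from the article or from any wallet project: the records are constructed samples shaped like Solana's `jsonParsed` RPC encoding, and every address and function name in it is a hypothetical placeholder.

```python
# Added illustration. Records are constructed samples shaped like Solana's
# "jsonParsed" RPC encoding; all addresses are made-up placeholders.
TOKEN_ACCOUNTS = {  # token account -> owner and approved delegate at transfer time
    "VictimTokenAcct1": {"owner": "VictimWallet1", "delegate": None},
    "VictimTokenAcct2": {"owner": "VictimWallet2", "delegate": "DappDelegate1"},
}
INSTRUCTIONS = [
    {"program": "system", "parsed": {"type": "transfer", "info": {
        "source": "VictimWallet1", "destination": "DrainWallet", "lamports": 5_000_000_000}}},
    {"program": "spl-token", "parsed": {"type": "transfer", "info": {
        "source": "VictimTokenAcct1", "destination": "DrainTokenAcct",
        "authority": "VictimWallet1", "amount": "1200"}}},
    {"program": "spl-token", "parsed": {"type": "transfer", "info": {
        "source": "VictimTokenAcct2", "destination": "DrainTokenAcct",
        "authority": "DappDelegate1", "amount": "300"}}},
]

def classify(ix, token_accounts):
    """Label one transfer 'owner-signed', 'delegate-signed' or 'unknown'."""
    parsed = ix.get("parsed", {})
    info = parsed.get("info", {})
    if parsed.get("type") not in ("transfer", "transferChecked"):
        return "unknown"
    if ix.get("program") == "system":
        # Native SOL has no delegate concept: the source wallet's key signs.
        return "owner-signed"
    if ix.get("program") == "spl-token":
        account = token_accounts.get(info.get("source"))
        authority = info.get("authority")
        if account is None or authority is None:
            return "unknown"  # e.g. multisig authority or missing account state
        if authority == account["owner"]:
            return "owner-signed"
        if authority == account["delegate"]:
            return "delegate-signed"
    return "unknown"

def triage(instructions, token_accounts):
    """Count transfers per label across a set of drain instructions."""
    counts = {"owner-signed": 0, "delegate-signed": 0, "unknown": 0}
    for ix in instructions:
        counts[classify(ix, token_accounts)] += 1
    return counts

def revoking_stops_all(counts):
    """Revoking approvals ends the drain only if every transfer used a delegate."""
    return counts["delegate-signed"] > 0 and counts["owner-signed"] + counts["unknown"] == 0

if __name__ == "__main__":
    print(triage(INSTRUCTIONS, TOKEN_ACCOUNTS))
```

Any owner-signed transfer in the result means the wallet's own key signed, so the response is key rotation to a fresh wallet rather than approval revocation.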

The solution is to transfer assets to a wallet that never exposes private keys to potentially vulnerable browser extensions. This means a hardware wallet and nothing else. Without a hardware wallet, the best practice is to limit any upstream telemetry that may occur. Ironically, closing your browser and turning off your computer's airplane mode also applies to any exposure of private keys (pks) until the cause of the exploit is known and fixed. Alternatively, transferring assets to a reliable CEX is also a retention strategy.

Affected by this incident, STEPN reminds users that if users import/export any non-custodial wallets from outside to STEPN, they need to consider:

1. Check your wallet to see if any assets are missing;

2. Transfer assets out of the wallet;

3. Generate a new non-custodial wallet in the STEPN application.
Content source: Golden Finance
