Big week in crypto: just after the Nomad bridge exploit, we are now seeing a widespread, ongoing exploit of internet-connected Solana hot wallets. So far, as of 10:30pm (Aug 2), over 8,000 Solana wallets have been exploited.
Just last month, Crema Finance, another Solana platform, was exploited on July 2 for nearly $9M. Exactly one month later, today's exploit spread fast, taking millions from users of browser extension wallets.
If you are just now discovering this and are worried about your funds, the best practice for self-defense is to move any funds you have on your Phantom and/or Slope wallet as soon as possible, preferably into a hardware wallet that has never interacted with anything and serves as your “cold storage”.
The exploiters are actively stealing both SOL and USDC. Up to $8M and counting has been stolen as of this writing (updated 12:00am Aug 3).
- Primarily to these wallet addresses: Htp9MGP8Tig923ZFY7Qf2zzbMUmYneFRAhSp7vSg4wxV and CEzN7mqP9xoxn2HdyW6fjEJ73t7qaX9Rp2zyS6hb3iEu
You can follow those addresses on SolScan here:
Solana users of both the Phantom and Slope browser extension wallets seem to be the primary target; users commonly use these wallets to connect to Solana-based applications. The method is still unknown at this time. Even users with inactive wallets, some going back months without any interaction with any contract, are being hit by the exploit. Phantom seems to be the primary target at this time.
The cause is currently unknown and still up for speculation. Act fast: move your funds into a hardware wallet as soon as possible and clear your wallets completely. Move them to a MetaMask wallet if you have to, but at this point, if you don’t have a hardware wallet, order one as soon as possible.
Paladin Blockchain Security is actively tracking the exploiting wallets here:
Rumors are now circulating that this is an approval abuse, while others are saying the reason for the exploit is private key abuse arising from private key origination.
This post will be updated as more information comes out. If you think your funds are at risk, move them quickly!