Cyber Incident Victim: Solana

Date: Aug 2022

Location: United States of America

Summary

A widespread exploit targeting Solana-based cryptocurrency wallets drained approximately 7,700 to 8,000 wallets of over $5.2 million in assets, including SOL tokens and USD Coin. The attack specifically affected internet-connected (hot) wallets such as Phantom, Slope, and Trust Wallet; because the draining transactions carried the owners' valid signatures, the evidence pointed to private key compromise rather than a flaw in the chain itself. Investigations by multiple security firms and ecosystem engineers suggested the breach stemmed from vulnerabilities in specific wallet software rather than the underlying blockchain. The incident, which remained ongoing during initial reports, followed another major crypto theft and exacerbated existing concerns about the network's reliability amid prior outages. Users were advised to transition assets to hardware wallets or centralized exchanges, as these remained unaffected.

Description

The incident began on the evening of August 2, 2022, when multiple users reported unauthorized withdrawals from internet-connected cryptocurrency wallets on the Solana blockchain. By the morning of August 3, blockchain analytics firm Elliptic confirmed that 7,936 wallets had been drained of approximately $5.2 million in digital assets, including Solana's SOL token, USD Coin (USDC), non-fungible tokens (NFTs), and over 300 Solana-based tokens. The official Solana Status Twitter account reported a slightly lower figure of 7,767 affected wallets; the discrepancy between the two counts reflected that the attack was still active and the number of victims still rising during initial assessments. Primary targets included the popular software wallet providers Phantom, Slope, Trust Wallet, and Solflare. The draining transactions carried legitimate authorization signatures from the victims' own keys, which suggested private key compromise rather than a vulnerability in the blockchain protocol.

Security firms and ecosystem engineers initiated collaborative investigations while the breach continued, with Elliptic's chief scientist noting that the exploit likely stemmed from flaws in specific wallet applications rather than the Solana network itself. The Solana network advised users to abandon compromised wallets entirely, recommending migration to hardware wallets with newly generated seed phrases or, as a temporary measure, transfers to centralized exchanges. Market impacts included an 8% SOL price drop within two hours of attack detection, though the price partially recovered to 1% below pre-attack levels on increased trading volume. The incident followed closely after the $200 million hack of the Nomad blockchain bridge, exacerbating market concerns. Analysis identified four primary addresses associated with the attacker, in contrast with the decentralized theft pattern seen in the Nomad incident. Solana's operational challenges, including a June 2022 network outage, compounded scrutiny of the platform's reliability despite its positioning as an Ethereum competitor with faster transaction throughput. No evidence emerged implicating hardware wallets, reinforcing the security distinction between offline key storage and internet-connected alternatives while the investigation into the root cause continued.
