An unidentified hacker used an exploit to drain funds from more than 7,000 cryptocurrency wallets on the Solana blockchain as of Wednesday morning. Solana confirmed on Twitter the extent of the hack that began Tuesday night.
Outside cryptocurrency analysis firms have placed the losses at roughly $5 million worth of Solana currencies. Solana has not provided its own estimate.
Solana says it has not yet identified the source of the exploit and is still investigating the attack. However, it appears to have affected “a software dependency shared by several software wallets,” Solana head of communications Austin Federa wrote on Twitter Tuesday night.
The exploit allowed the attacker to sign transactions as users themselves, suggesting private keys were compromised. Researchers at cryptocurrency analysis firm Elliptic also suggested the attack was software-based.
A software-based attack would stand out among other major cryptocurrency hacks in 2022, most of which involved a hacker exploiting a vulnerability in the blockchain itself. Solana’s co-founder Anatoly Yakovenko suggested the hack may have begun as a supply chain attack through another connected iOS and Android-based app.
Wallets affected by the hack include Slope and Phantom. Solana is encouraging users to move funds to hardware-based wallets.
Solana referred CyberScoop to its Twitter account in response to a request for additional information.
The incident follows a $200 million hack Monday of Nomad, a blockchain bridge. Numerous hackers flocked to exploit a vulnerability that allowed them to withdraw more than they deposited by bypassing the protocol’s verification system. Hackers have since returned $9 million of the stolen assets, the company said Wednesday.
Blockchain bridges allow for the movement of cryptocurrency from one blockchain to another, making them an attractive target for criminals. For instance, hackers linked to North Korea stole more than $600 million in cryptocurrency earlier this year from the bridge that connected blockchain game Axie Infinity. Researchers at Chainalysis estimate 13 separate attacks amounting to $2 billion in cryptocurrency losses, making up 69 percent of total stolen cryptocurrency funds so far this year.
The cryptocurrency industry has seen close to $2 billion in attack-based losses so far in 2022, the Verge reported based on research from cryptocurrency security firm CertiK.