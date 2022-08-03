U.S. markets open in 4 hours 39 minutes

  • S&P Futures

    4,100.50
    +6.75 (+0.16%)
     

  • Dow Futures

    32,448.00
    +83.00 (+0.26%)
     

  • Nasdaq Futures

    12,926.00
    +1.50 (+0.01%)
     

  • Russell 2000 Futures

    1,890.70
    +7.70 (+0.41%)
     

  • Crude Oil

    93.52
    -0.90 (-0.95%)
     

  • Gold

    1,780.30
    -9.40 (-0.53%)
     

  • Silver

    19.82
    -0.32 (-1.58%)
     

  • EUR/USD

    1.0187
    +0.0021 (+0.20%)
     

  • 10-Yr Bond

    2.7410
    0.0000 (0.00%)
     

  • Vix

    23.72
    +0.88 (+3.85%)
     

  • GBP/USD

    1.2178
    +0.0013 (+0.11%)
     

  • USD/JPY

    133.2100
    +0.0580 (+0.04%)
     

  • BTC-USD

    23,212.40
    +359.48 (+1.57%)
     

  • CMC Crypto 200

    532.87
    +12.05 (+2.31%)
     

  • FTSE 100

    7,397.74
    -11.37 (-0.15%)
     

  • Nikkei 225

    27,741.90
    +147.17 (+0.53%)
     

Thousands of Solana wallets drained in multimillion dollar exploit

Rita Liao and Carly Page
·2 min read

Solana, an increasingly popular blockchain known for its speedy transactions, has become the target of the crypto sphere's latest hack after users reported that funds have been drained from internet-connected “hot” wallets.

An unknown actor drained funds from 7,767 wallets on the Solana network as of 5am UTC on Wednesday, Solana's Status Twitter account said. However, blockchain security firm SlowMist’s crypto tracker identified that more than 8,000 wallets had been drained. It's estimated the loss so far is around $8 million.

The attack - which has only affected only "hot" wallets or wallets that are always connected to the internet, allowing people to store and send tokens easily - does not appear to be limited to Solana. Justin Barlow, an investor at Solana Ventures, reported that his USDC balance was drained as well. Crypto analyst @0xfoobar confirmed that "the attacker is stealing both native tokens (SOL) and SPL tokens (USDC)... affecting wallets that have been inactive for less than 6 months."

The attack has compromised other wallets including Phantom, Slope, Solflare, and TrustWallet. Wallets drained should be treated as compromised and abandoned, Solana warned as it encouraged users to switch to hardware or "cold" wallets.

Phantom, a fast-growing Solana-based wallet that hit $1.2 billion in valuation in January, said it's "working closely with other teams to get to the bottom of a reported vulnerability in the Solana ecosystem."

"At this time, the team does not believe this is a Phantom-specific issue," the wallet developer says.

Slope added that it is "actively working to sort out the issue as rapidly as possible and rectify best we can", while non-fungible token (NFT) marketplace Magic Eden called on users to revoke permissions for any suspicious links in their Phantom wallets.

The cause of the attack remains unclear, but industry leaders including Emin Gün Sirer, founder of another popular blockchain Avalanche, pointed out that the transactions were properly signed, which means the vulnerability could be a "supply chain attack" that manages to steal users' private keys. @0xfoobar added that "it's likely something has caused widespread private key compromise", and warned that revoking wallet approvals will probably not help.

Solana spokesperson Chris Kraeuter declined to answer our questions but referred us to Solana’s Status Twitter account, which states that the company's engineers "are currently working with multiple security researchers and ecosystem teams to identify the root cause of the exploit, which is unknown at this time."

The Solana attack comes just hours after malicious actors abused a “chaotic” security exploit to steal almost $200 million in digital assets from cross-chain messaging protocol Nomad. The “free-for-all” attack, which saw more than 41 addresses drain $152 million — 80% of the stolen funds - was made possible by a recent update to one of Nomad’s smart contracts that made it easy for users to spoof transactions.

This is a developing story.

Recommended Stories

  • Uber exits Zomato investment for over $390 million

    Uber’s ride with Zomato has concluded. The ride-hailing firm sold its 7.8% stake in the lossmaking food delivery firm on Wednesday for over $390 million, a person familiar with the matter said, becoming the latest large institutional investor to exit the Indian firm. The sale comes a day after Uber said it had assumed an unrealized loss of $707 million on its Zomato investment in the first half of this year and the quarter that ended in June 30, 2022.

  • Florida set to host two back-to-back ULA and SpaceX launches on same day this week

    A 200-foot Atlas V rocket rolled out to its pad at Cape Canaveral Space Force Station on Tuesday, setting the stage for two launches on Thursday.

  • NHL offseason tracker: Following the signings, trades and rumors during the summer

    The first days of free agency were busy. Follow along for news and analysis of all the trades and signings for the rest of the offseason.

  • Wallets Drained In Ongoing Solana Breach

    Solana users report that their wallets are being drained in an ongoing exploit.

  • Toilets, funerals, rap: Kenya's no-stone-unturned campaign

    At funerals, in rap videos or even inside public toilets: Kenya's election candidates are leaving no stone unturned in their fight for votes.

  • White House says Taliban violated Doha agreement

    STORY: Afghanistan's Taliban government has not confirmed the death of Zawahiri, an Egyptian surgeon who had a $25 million bounty on his head and helped to coordinate the Sept. 11, 2001, attacks on the United States that killed nearly 3,000 people.U.S. officials, speaking on the condition of anonymity, said Zawahiri was killed when he came out on the balcony of his safe house in the Afghan capital at 6:18 a.m. (0148 GMT) on Sunday and was hit by Hellfire missiles from a U.S. drone."Now justice has been delivered, and this terrorist leader is no more," U.S. President Joe Biden said on Monday.Biden said he authorized the strike after months of planning and that no civilians or family members were killed."The world will be a safer place," said Britain's foreign minister Liz Truss.Three spokespeople in the Taliban administration declined comment on Tuesday. The United States accused the Taliban of violating an agreement between them by sheltering Zawahiri.White House National Security Spokesman John Kirby on Tuesday at the White House press briefing said: "We have made it clear that not we believe, not we think, not we supposed, but we know that's a violation of the Doha Agreement.”Taliban spokesperson Zabihullah Mujahid previously confirmed that a strike took place in Kabul on Sunday and called it a violation of "international principles."

  • Chip Maker AMD Prospers as Rival Intel Struggles

    Advanced Micro Devices reported a sharp increase in quarterly sales, driven by strength in its data-center business where rival Intel has been stumbling, but issued a muted outlook for the current period. The company also issued a subdued outlook for the current quarter, projecting roughly $6.7 billion in sales. Unlike Intel, which cut its full-year outlook last week, AMD maintained its full-year sales outlook despite a weaker overall personal-computer market, citing its strength in other areas.

  • Exclusive-U.S. game software developer Unity in talks to spin off China unit -sources

    HONG KONG (Reuters) -Unity Software Inc, the U.S. developer best known for software used to design video games, is in talks to spin off its China unit to help it expand in the world's biggest games market, four people with knowledge of the matter told Reuters. San Francisco-based Unity has sought strategic investors to join it in a business valued at over $1 billion during talks, said two of the people, declining to be identified as they were not authorised to speak publicly on the matter. Unity declined to comment.

  • Avast’s £6bn cybersecurity merger given provisional approval

    The Competition and Markets Authority said it does not believe the tie-up with US rival NortonLifeLock raises competition concerns in the UK.

  • UiPath Acquires This AI Startup For Undisclosed Sum

    Software automation company UiPath, Inc (NYSE: PATH) snapped up artificial intelligence startup Re:infer Ltd. The financial terms of the transaction remain undisclosed. Re:infer was founded in 2015 by Ph.D. scientists from the AI research lab at University College London. Re:infer uses machine learning (ML) technology to mine context from communication messages and transform them into actionable data with speed and accuracy. Also Read: UiPath's Latest Restructuring Did Not Surprise Analysts - Re

  • Apple’s got a rare deal when you buy its Apple TV 4K box

    The 2021 streaming device features the new Siri remote and is fitted with an A12 Bionic chip

  • Spotify wants users to pay for separate 'Play' and 'Shuffle' buttons

    Spotify is updating its app to address a long-standing user complaint with music playback -- but it's asking customers to pay for the fix. The company announced today it will introduce, at last, a separate Play Button and a Shuffle Button at the top of albums playlists to make it easier to play the music the way you like. This seems a bizarre choice given that customer complaints had correctly identified an issue with the overall design of the Spotify app's interface and its user experience.

  • Artificial Intelligence Stocks To Watch: Big Tech Expands AI Products, Services

    When looking for the best artificial intelligence stocks to buy, identify companies using AI technology to improve products or gain a strategic edge, such as Google, Microsoft and Nvidia.

  • 5G Stocks To Buy And Watch As Wireless Firms Move Beyond Smartphones

    The best 5G stocks to invest in will change as smartphone apps, enterprise services and the metaverse develop over time.

  • Cybersecurity Stocks To Buy And Watch: Will Cloud Companies Outperform?

    Cybersecurity stocks have underperformed vs. the S&P 500. But cloud security companies may be better positioned as corporate budgets tighten.

  • Gucci’s Crypto Payment Options Set to Explode in U.S.

    Gucci is accepting more crypto than ever, as ApeCoin joins the fold and it prepares to make all of its U.S. stores crypto-ready this week.

  • Here's how to scan documents and text to your Apple devices

    Use the notes app function "Scan Documents" and "Scan Text" to save your physical work to your iPhone devices. You can also save these scans as PDFs.

  • The Apple Watch Series 7 is $120 Off on Amazon

    You can save up to $60 on Apple's flagship smartwatch which has all the bells and whistles you'd expect.

  • Microsoft launches Outlook Lite for low-powered Android phones

    Microsoft has launched its lightweight Outlook Lite Android app, which is suitable for low-end Android devices and regions with data connectivity issues. Microsoft said it will consider adding more countries to the list in the future. The company added this app to its Office 365 roadmap in June, so this launch hints toward a broader release.

  • Why Tencent and NetEase Shares Are Trading Lower Today

    China's gaming regulator has granted publishing licenses to 69 online games, including titles belonging to developers like G-bits Network Technology Xiamen Co Ltd and iDreamSky, Reuters reports. China's list continued to duck Tencent Holdings Ltd (OTC: TCEHY) and NetEase Inc (NASDAQ: NTES) regarding games approval. Recently NetEase braced to release the most-awaited Diablo Immortal mobile game in China on July 25, a month after its initially scheduled launch date. TikTok owner ByteDance Ltd has