Aug 03, 2022 Frank Stewskid
The latest Solana hack is still ongoing and unexplained, here is what we know so far
A mysterious hack has so far affected over 8,000 hot wallets on the Solana blockchain including Phantom, Slope, and TrustWallet. Some users pointed out their ERC-20 tokens are also missing following the announcement of the incident about 12 hours ago. At this point, there is not much known regarding the ongoing attack but users are advised to move funds to hardware wallets as so far there is no info on such wallets being compromised. The Solana team also asks affected members of its community to fill out an online survey meant to help the investigation of the exploit.
While Solana engineers are trying to connect the dots and figure out where the attack came from and what made it possible, many experts took it to Twitter to share the results from their own research on the matter. Many claim that the source of the attack may be interactions with dApps such as the NFT marketplace MagicEden or SolaLand whose team claims the project can’t be blamed for the incident as it doesn’t have access to users’ private keys or seed phrases.
According to Solana Labs co-founder and CEO Anatoly Yakovenko, the incident is probably a supply chain attack on wallets exploiting Apple’s iOS operating system. Supply chain attacks also known as value-chain or third-party attacks, occur when a system is infiltrated by an outside partner with access to system data. Anatoly Yakovenko claims this may be the source of the attack as many of the exploited wallets have no prior interactions with dApps and have been inactive for a while, making phishing attacks unlikely to be the cause of the Solana hack.
Seems like an iOS supply chain attack. Multiple plausible wallets that only received sol and had no interactions beyond receiving have been affected. https://t.co/ne0g3ZmLH5— SMS T◎ly, 🇺🇸 (@aeyakovenko) August 3, 2022
As well as key that were imported into iOS, and generated externally.https://t.co/hStAr1mU6Q
This statement was immediately met with negativity as some users affected by the hack pointed out they neither have an iOS nor an Android-based wallet, and a new version for the attack’s source was shared. According to it, the incident is not a chain issue but an app issue, due to developers wrongly coding the implementation of ED25519 libraries. ED25519 is a digital signature method said to be superior to prior digital signature algorithms due to its usage of the Schnorr approach when generating digital signatures. However, according to Konstantinos Chalkias from MystenLabs ED25519 comes with a major vulnerability when matching secret keys and public keys, as there are up to 39 libraries that do not do this check, essentially allowing a potential attacker to cache public keys and then probe for the correct secret keys.
As the Solana hack is ongoing and more details regarding it are to be released, DeFi Teller will update this article when there is new information around the incident.