Skip to content

Solana, Nomad Hit in Busy Two Days For Hackers

Table of Contents

The Solana ecosystem has suffered a US$8 million exploit, after an unknown attacker(s) drained thousands of Solana wallets of their SOL tokens and USDC.

The hack seems to have originated on the Solana browser wallet Phantom, and is believed to have compromised the private keys of users.

“Over 5,000 Solana wallets have been drained in the past few hours,” blockchain audit firm OtterSec reported. “These transactions are being signed by the actual owners, suggesting some sort of private key compromise.

According to Twitter user @nftpeasant, as much as US$6 million were drained from Phantom wallets within a 10-minute period.

Phantom has since responded to the incident, stating that it is currently working to investigate a “reported vulnerability”.

“At this time, the team does not believe this is a Phantom-specific issue. As soon as we gather more information, we will issue an update”, it tweeted.

According to OtterSec, Ethereum users have also been affected, although the issue is “less widespread”. It is also unclear if the attacks are related or separate incidents. One Twitter user, @Justin.sol, claimed that he had used dApps that are on both Ethereum and Solana, resulting in both ERC-20 (Ethereum version) and SPL (Solana version) USDC being drained from his wallet.

Copy-paste hacking

The hack is hard on the heels of yesterday’s Nomad Bridge hack, which saw nearly US$200 million drained from the cross-chain protocol. It was also revealed that the person who hacked Lari Capital was the same one who hacked Nomad.

The hacker bypassed both the verification of transaction user requests and the processing of the trusted Merkle with 0x00 during routine storage updates and sent 0.01 WBTC to take 100 WBTC. Any user could find the transaction conducted by the hacker and then replace it with their own address, so many other actors took Nomad Bridge’s assets in the same way.

“For bridge services, operators can run off-chain operations alongside smart contract operations. This particular incident was caused by a combination of executions on the smart contract and vulnerabilities within operator operations,” Jasper Lee, audit tech lead at told Blockhead.

According to Chainalysis, approximately US$2 billion in cryptocurrency was stolen from cross-chain bridges across 13 separate hacks so far this year, with attacks on cross-chain bridges accounting for 69% of total funds stolen.