- Phantom wallet users complain that money is being used up without their consent
- Several commenters point to an exploit involving the wallet or NFT marketplace Magic Eden
Users of the Solana Phantom and Slope digital wallets claim that millions were stolen by an unknown exploit linked to the wallets or associated trusted apps.
According to multiple users and market participants, the operation on the Solana network or through native wallets costs users money, despite being disconnected from web browsers or having made wire transfers. Exact details of the exploit are not yet known.
“We are working closely with other teams to get to the bottom of a reported vulnerability in the Solana ecosystem,” the Phantom team told Blockworks. “At this point, the team doesn’t believe this is a Phantom-specific problem.” The exact amount stolen from users’ wallets is not yet known.
Users said they are receiving notifications that they are sending tokens to an unknown set of addresses. The total amount drained so far is suspected of totaling more than $6 million in SOL from more than 7,760 portfolios. Blockworks could not directly independently verify the total amount withdrawn.
An exploit allowed a malicious actor to extract money from a number of wallets on Solana. As of 5 a.m. UTC, approximately 7,767 wallets have been affected.
The exploit has affected several wallets, including Slope and Phantom. This seems to have affected both mobile and extension.
— Solana Status (@SolanaStatus) August 3, 2022
Web-based cryptocurrency wallet users slope also report incidents of an exploit. The attacker would get away with both SOL and Solana Program Library (SPL) tokens.
One user, who uses @Paladin on Twitter, told Blockworks that several people familiar with the situation had their wallets “randomly empty.”
“They lost thousands and most of their money, so they’re pretty depressed,” they said. “Move coins to a ledger and disconnect any trusted website.”
Paladin pointed to two big wallet addresses suspected of being owned by the exploiter, who have a combined balance of approximately 37,777 SOL (US$1.5 million). A third wallet with about 2,402 SOL ($95,000) money continues to be diverted to his address as a result of the exploit, Paladin said.
The exploit appears to affect all Solana-based tokens with recommendations for moving coins to a ledger, withdrawing trusted apps like NFT marketplace Magic Eden, or locking them down via staking.
Hacks and exploits related to DeFi and NFTs continue to increase. Last month, Blockworks reported that the total number of hacks exceeded $1.2 billion for the first quarter of this year alone in what appears to be an increase in frequency for the nascent sector.
Ongoing hacks “is essentially an unsolvable problem,” Immunefi CEO Mitchell Amador told Blockworks in an interview at the time. “We knew it was going this way. The volatility is part of crypto, the amount of money flowing in would increase.”