The attack — which has only affected only “hot” wallets or wallets that are always connected to the internet, allowing people to store and send tokens easily — does not appear to be limited to Solana. Justin Barlow, an investor at Solana Ventures, reported that his USDC balance was drained as well. Crypto analyst @0xfoobar confirmed that:

“the attacker is stealing both native tokens (SOL) and SPL tokens (USDC)… affecting wallets that have been inactive for less than 6 months.”

See:  First Crypto Store of Its Kind: Solana Opens in New York City

The attack has compromised other wallets including Phantom, Slope and TrustWallet. Initial reports suggested Solflare users were also impacted, but the company tells TechCrunch it has not been affected by this exploit. Wallets drained should be treated as compromised and abandoned, Solana warned as it encouraged users to switch to hardware or “cold” wallets.

The cause of the attack remains unclear, but industry leaders including Emin Gün Sirer, founder of another popular blockchain Avalanche, pointed out that the transactions were properly signed, which means the vulnerability could be a “supply chain attack” that manages to steal users’ private keys. @0xfoobar added that “it’s likely something has caused widespread private key compromise”, and warned that revoking wallet approvals will probably not help.

See:  Code is Law Case: A Hamilton teen ‘hacked’ US$16 million in crypto (while he may not be in the wrong)

The Solana attack comes just hours after malicious actors abused a “chaotic” security exploit to steal almost $200 million in digital assets from cross-chain messaging protocol Nomad. The “free-for-all” attack, which saw more than 41 addresses drain $152 million — 80% of the stolen funds — was made possible by a recent update to one of Nomad’s smart contracts that made it easy for users to spoof transactions.

Continue to the full article --> here