Solana vulnerability continues to spread


On the morning of August 3, an unprecedentedly large vulnerability across the Solana ecosystem caused many wallet addresses to be drained. By noon of the same day, the bug had still not been fixed and the problem was getting worse.

As I reported, more than 5,000 wallet addresses on Solana were drained of millions of dollars in just a few hours through an unidentified bug in the ecosystem.

The number has kept growing, however, as more and more wallet addresses see net withdrawals of assets. By noon on the same day, nearly 8,000 Solana wallet addresses had been affected, according to Dune Analytics.

Number of wallets hacked (Source: Dune Analytics)

According to crypto analyst OtterSec, the event affects various wallet apps, including Phantom, Slope, Solflare and TrustWallet. Users should move assets to cold wallets or decentralized exchanges for safety, OtterSec said.

Changpeng Zhao, the CEO of the Binance exchange, thinks the cause may lie in permissions granted to applications, and advises people to send assets to decentralized exchanges like Binance.

For that reason, many people have revoked the permissions they had granted to applications to protect themselves from attackers.

However, “0xfoobar”, a crypto researcher on Twitter, rejected the above solution, arguing that the transactions were all signed by the owner of the crypto wallet. This means that the passphrase (the key to the user’s wallet) has been exposed, so revoke operations will not work, foobar said.

While people were rushing in a panic to move their assets to a safe place, the Solana network suddenly “froze”, leaving many people unable to access their browser applications and wallets.

According to GenesysGo, this issue occurred because a large number of RPCs were attacked as a result of a security flaw in the Solana software.

Laine, the company that provides validators on Solana, said many nodes on Solana have stopped accepting requests, possibly because of overload or intentionally.

“However, this will not affect the blockchain and the chain will continue to function normally,” Laine said. This is completely different from previous “network outages” in June.

Ping time on Solana is reaching its highest level, according to Solscan. This indicates either that the network is under load because too many people are interacting with it, or that the platform is under a DDoS attack.

Ping Time on Solana (Source: Solscan)

Earlier, the attacker withdrew only assets including SOL and USDC. However, more and more people are now reporting that the NFTs (non-fungible tokens) in their wallets have also “disappeared”. Magic Eden, the largest NFT trading platform on Solana, also advises people to move all assets, including NFTs, to cold wallets.

So far, many theories have been put forward about the cause of this unprecedented vulnerability. Emin Gün Sirer, CEO of Ava Labs, thinks that the most likely reason is an error in the signature encryption program on the Solana chain itself.

“The short explanation is that the encryption of the signature on the transaction is faulty. This means that the attacker took advantage of a bug on the supply chain to be able to access the private key through the user’s signature during the transaction. Once they have the private key, they can access and take full control of the victim’s wallet,” said Terry, a programmer in Ho Chi Minh City.

However, there is still no exact information about the cause of this incident. The issue remains unresolved, which keeps the Solana community worried about their assets on the platform.

