An unknown attacker has been emptying Solana and USDC wallets; Solscan says over 15,000 wallets have been affected, draining $4.46M, primarily in SOL and USDC
An unknown attacker drained thousands of wallets containing at least $4 million worth of Solana and USDC late Tuesday night.
Decrypt · Jason Nelson
Related Coverage
- Solana Wallets Targeted in Latest Multimillion Dollar Hack CoinDesk
- Solana Labs responds to wallet exploit, says there's no evidence network is to blame The Block
- Solana exploit enters second day as CEO points to attack on Apple hot wallets The Block · Vishal Chawla
- Solana exploit sees more than $10M of users' funds stolen as wallets are hacked Metaverse Post · Valeria Goncharenko
- Solana ‘hot’ wallets are being drained in multi-million dollar attack Engadget · Mariella Moon
- Millions Drained in Solana Wallet Hack PYMNTS.com
- Crypto Takes a Fresh Hit as Thousands of Solana Wallets Hacked Bloomberg
- Thousands of Solana wallets drained in attack using unknown exploit BleepingComputer · Bill Toulas
- Solana ecosystem hit by widespread hack draining thousands of crypto wallets The Verge · James Vincent
- Ongoing solana attack targets thousands of crypto wallets, costing users more than $5 million so far CNBC · MacKenzie Sigalos
- Thousands of Solana wallets drained in widespread attack that's netted more than $5 million so far Web3 is going just great · Molly White
- Solana wallets ‘compromised and abandoned’ as users warned of scam solutions Cointelegraph · Gareth Jenkinson
- 🤮 Another day, another hack web3lunch
- Major L1 blockchain exploited for over $500m. Crypto Conquistador · Gabi
- SOL Token Holds Price Support After Million-Dollar Hack Brings Bad Optics for Solana CoinDesk · Omkar Godbole
- Here's Everything We Know About The Solana Exploit Watcher Guru · Paigambar Mohan Raj
- SOL Drops as Thousands of Wallets Attacked on Solana, Millions in USD Stolen (UPDATED) Cryptonews
- Solana wallets ‘drained’ in blow to crypto network Financial Times · Scott Chipolina
- Solana Token Drops As Millions Worth Of User Funds Compromised In The Latest Solana Wallet Hack Ethereum World News · Juhi Mirza
- Solana Exploit: Auditing Firm Claims Ethereum (ETH) Users Also Compromised CoinGape · Varinder Singh
- Solana falls foul of crypto heist, losing millions Cybernews.com · Damien Black
- Solana Ecosystem Becomes Latest Target for Crypto Exploit as 8000 Wallets Affected Coinspeaker · John K. Kumi
- Solana Down In A Green Market As Multimillion-Dollar Hack Empties Over 7,000 Wallets ZyCrypto · Olivia Brooke
- Nomad hack: Ethical hackers return $9 million to exploited crypto bridge platform The Block · Osato Avan-Nomayo
- Altcoins affected by Nomad hack collapsed as much as 94% BestBrokers.com · Paul Hoffman
- Hackers Send Back $9M to Nomad Bridge After $190M Exploit CoinDesk · Oliver Knight
- Crypto Bridges are Vulnerable AF Web3 Digest · Michael Spencer
- Nearly $200 Million Stolen From Cryptocurrency Bridge Nomad SecurityWeek · Eduard Kovacs
- Nomad Bridge Exploit Incident Analysis CertiK Blockchain Security Leaderboard
- This is Why the Crypto Market is at Risk Of Massive Liquidation Soon! Coinpedia · Delma Wilson
- Hack of US cryptocurrency firm Nomad leads to $190 million loss in bridge attack SC Media · Karen Hoffman
- How a crypto bridge bug led to a $200m ‘decentralized crowd looting’ The Register · Thomas Claburn
- Nomad crypto bridge loses $200 million in ‘chaotic’ hack The Verge · Corin Faife
- Hackers use copy-paste exploit to siphon nearly $200M from crypto company Input · Will Gendron
- Crypto Bridge Nomad Exploited for $190M in ‘Frenzied Free-for-All’ Decrypt · Jason Nelson
- Hacking free-for-all relieves crypto bridge users of $200 million Engadget · Jon Fingas
- $150 Million Drained From Nomad Exploit ETH Daily
- ‘Frenzied mob’ steals more than $156 million from crypto platform Nomad The Record · Jonathan Greig
Discussion
- @0xfoobar on X:
🚨 Widespread Solana private key compromise 🚨 - attacker is stealing both native tokens (SOL) and SPL tokens (USDC) - affecting wallets that have been inactive for >6 months - both Phantom & Slope wallets reportedly drained https://twitter.com/...
- @peckshieldalert on X:
#PeckShieldAlert The widespread hack on Solana wallets is likely due to the supply chain issue exploited to steal/uncover user private keys behind affected wallets. So far, the loss is estimated to be $8M, excluding one illiquid shitcoin (only has 30 holds & maybe misvalued $570M)…
- @phantom on X:
We are working closely with other teams to get to the bottom of a reported vulnerability in the Solana ecosystem. At this time, the team does not believe this is a Phantom-specific issue. As soon as we gather more information, we will issue an update.
- @solanastatus on X:
Engineers from multiple ecosystems, with the help of several security firms, are investigating drained wallets on Solana. There is no evidence hardware wallets are impacted. This thread will be updated as new information becomes available.
- @magiceden on X:
🚨🚨🚨There seems to be a widespread SOL exploit at play that's draining wallets throughout the ecosystem Here's what you can do right now to best protect yourself 1. Go to >Settings on your @phantom wallet 2. >Trusted Apps 3. >Revoke Permissions for any suspicious links 💜
- @solanastatus on X:
An exploit allowed a malicious actor to drain funds from a number of wallets on Solana. As of 5am UTC approximately 7,767 wallets have been affected. The exploit has affected several wallets, including Slope and Phantom. This appears to have affected both mobile and extension.
- @solporttom on X:
Massive exploit/drain going on with Solana seeing it live in Taiyo tons of people losing their whole balance out of nowhere. Move everything to a ledger NOW. Two wallets reported: #1 https://solscan.io/... #2: https://solscan.io/...
- @aeyakovenko on X:
Seems like an iOS supply chain attack. Multiple plausible wallets that only received sol and had no interactions beyond receiving have been affected. https://explorer.solana.com/ ... As well as keys that were imported into iOS, and generated externally. https://explorer.solana.com…
- @cz_binance on X:
There is an active security incident on Solana. Many (7000+ and counting) wallets are drained of SOL & USDC. Don't know root cause yet. Maybe permissions granted to apps. For remediation, send the funds to a cold wallet or CEX like @Binance. https://twitter.com/...
- @solanastatus on X:
This does not appear to be a bug with Solana core code, but in software used by several software wallets popular among users of the network. Updates will be posted to https://twitter.com/... as they become available. 2/2
- @solanastatus on X:
There's no evidence hardware wallets have been impacted - and users are strongly encouraged to use hardware wallets. Do not reuse your seed phrase on a hardware wallet - create a new seed phrase. Wallets drained should be treated as compromised, and abandoned.
- Miles Deutscher (@milesdeutscher) on X:
There's an unknown $SOL exploit currently draining random Phantom wallets right now. ⚠️ $6m currently stolen. If you have funds on Phantom, make sure to revoke all permissions + move to a hardware wallet.
- @justinbarlow on X:
For reference I haven't interacted with any contracts at all in ~40 days. My ERC-20 and SPL USDC held on both @slope_finance and @TrustWallet were drained
- Steve Kovach (@stevekovach) on X:
There have been 3 big crypto hacks/breaches/thefts so far this month. And it's only August 3. https://twitter.com/...
- @solanastatus on X:
Engineers from across several ecosystems, in conjunction with audit and security firms, continue to investigate the root cause of an incident that resulted in approximately 8,000 wallets being drained. 1/2
- @lyu_johnny on X:
We have noticed the ongoing #Solana wallets exploit. Users can be reassured that their $SOL assets with #KuCoin are safe. We're in close contact with the Solana team and have blocked the suspicious addresses as requested. Still checking other ways to help. Stay Safe! 🙏
- @officer_cia on X:
Big news - @Solana hack! In an unknown way scammers are withdrawing $SOL from the wallets of ordinary users right now! The amount of stolen funds currently exceeds $5 million. I recommend unlinking your wallet from all sites so they don't have access to your assets! https://twitt…
- Haseeb Qureshi (@hosseeb) on X:
This has been a bad week for exploits. Active attack right now on Solana—no one knows yet where it's coming from. Revoke permissions ASAP (or just move assets to a Ledger). https://twitter.com/...
- Matt DesLauriers (@mattdesl) on X:
npm install scripts seems like the biggest crypto hot-wallet attack vector on the web. 😬
- @buccocapital on X:
We are “so early” it might actually have been “too early” https://twitter.com/...
- Liron Shapira (@liron) on X:
The SOL hack is a good reminder that by the time all problems with blockchain currencies get patched, the resulting financial system will be as complex and as regulated as traditional finance. Therefore I recommend focusing on iterative upgrades to the traditional finance system.
- @nftpeasant on X:
@mattysino some exploit either with @phantom or @MagicEden, drained 6mil in like 10 mins literally every phantom wallet getting compromised, not sure if any other wallets too https://twitter.com/...
- Justin Bons (@justin_bons) on X:
Solana wallets are being drained en masse right now! As part of what looks like a private key exploit! I have been warning people about the reckless behavior of SOL for years This is a consequence of that behavior If you are affected follow this advice: https://twitter.com/...
- @coinbureau on X:
Another day, another hack... Seems to be an ongoing attack on Solana affecting hot wallets. Doesn't appear to be about dApp permissions either so revoking won't help. If you are using a $SOL web wallet, best to transfer those funds to a hardware device for the time being 🙏 https:…
- @aeyakovenko on X:
Android seems to be affected as well. All the confirmed stories so far have had the key imported or generated on mobile. Most of the reports are slope, but a few phantom users as well.
- H.E. Justin Sun (@justinsuntron) on X:
Revoking approvals and transferring your solana based token to an offline hardware wallet. For USDC, you can trust USDC on #TRON. For SOL, you can trust @Poloniex. https://twitter.com/...
- @top7ico on X:
Ongoing Exploit of @solana $SOL Hot wallets: More than 8,000 wallets drained Funds have been drained without users' knowledge from major internet-connected hot wallets including @phantom, @slope_finance and @TrustWallet. 👉 https://coindesk.com/... https://twitter.com/...
- @justinbarlow on X:
Just had my USDC drained AMA🙁
- Dmitriy Gerasimov (@naeper) on X:
Two important lessons: - Solana was written in Rust, which is positioned as a secure language. Language itself doesn't provide high security. That's why we've selected C language. - Most probable cause is a supply chain attack. That's why Cellframe almost has no 3rd party components htt…
- @web3isgreat on X:
This is an ongoing attack, so stay tuned for updates on this one. The attackers are continuing to transfer funds out of various wallets as we speak, and it doesn't seem the source of the exploit has been identified.
- S◎L Big Brain (@solbigbrain) on X:
Still seems to be a lot of unknowns on this exploit. Nothing concrete on the exact cause yet. Most roads are leading to those who had mobile wallets (Phantom or Slope). I have used zero mobile wallets and so far all wallets appear safe. Anybody drained while never using mobile?
- Ant (@thisisnuse) on X:
Unaffected by the $SOL exploit due to draining my own wallet using good old-fashioned shit trading at Mango months back. Crisis averted.
- @nomadxyz_ on X:
We are aware of the incident involving the Nomad token bridge. We are currently investigating and will provide updates when we have them.
- @nomadxyz_ on X:
Update: We are working around the clock to address the situation and have notified law enforcement and retained leading firms for blockchain intelligence and forensics. Our goal is to identify the accounts involved and to trace and recover the funds. 1/2
- @samczsun on X:
1/ Nomad just got drained for over $150M in one of the most chaotic hacks that Web3 has ever seen. How exactly did this happen, and what was the root cause? Allow me to take you behind the scenes 👇 https://twitter.com/...
- @0xfoobar on X:
Nomad bridge getting actively hacked. WETH and WBTC being taken out in million-dollar increments. Withdraw all funds if you can, still $126m remaining in the contract that's likely at risk https://twitter.com/...
- @nomadxyz_ on X:
We're aware of impersonators posing as Nomad and providing fraudulent addresses to collect funds. We aren't yet providing instructions to return bridge funds. Disregard comms from all channels other than Nomad's official channel: @nomadxyz_
- @samczsun on X:
10/ It turns out that during a routine upgrade, the Nomad team initialized the trusted root to be 0x00. To be clear, using zero values as initialization values is a common practice. Unfortunately, in this case it had a tiny side effect of auto-proving every message https://twitte…
- @0xfoobar on X:
Sadly, the answer can be found directly in the Nomad audit report. Reminiscent of the Rune hack where the vulnerable function had a code comment above it explaining how to exploit it. Audit report here: https://github.com/... https://twitter.com/...
- Bryan Chen (@xiliangchen) on X:
1/ Some thoughts about smart contract security. What went wrong? Can we do better? How to do better? TLDR; we need better redundancy.
- @chainalysis on X:
Following last night's exploit of the Nomad Bridge, an estimated $2B has been stolen from cross-chain bridges so far in 2022. Read our blog to learn what makes these protocols vulnerable and what the industry can do about it. https://blog.chainalysis.com/ ... https://twitter.com/…
- Fat Man (@fatmanterra) on X:
Messages popping up in public Discord servers of random people grabbing $3K-$20K from the Nomad bridge - all one had to do was copy the first hacker's transaction and change the address, then hit send through Etherscan. In true crypto fashion - the first decentralized robbery. ht…
- @mg_486662 on X:
1/ Nomad's bridge got owned in a similar manner to Qubit's QBridge. An insecure configuration of the bridge caused a specific path to allow any transaction sent. The error is inside the Replica's “process” function.
- @paradigmeng420 on X:
The Nomad bridge was just exploited for 165m Currently, the details of the hack are unknown and this is not a post-mortem. However, here are some details about the hack 👇 🧵 (1/12)
- Christopher Goes (@cwgoes) on X:
if you rely on legal enforcement to rectify protocol mistakes, you aren't testing a new system, you're testing the old system wrapped up in fancy clothing with a dollop of legal arbitrage on top. what is the point? “we have retained leading firms”, what is this, a central bank? h…
- Lorenzo Franceschi-Bicchierai (@lorenzofb) on X:
“The first decentralized robbery” in the history of the internet. Gotta love web3. https://twitter.com/...
- @arjunbhuptani on X:
Seeing a LOT of misinfo about Nomad team ignoring Quantstamp's audit recommendations. This is *wrong*. The vulnerability pointed out by QS is a *completely different issue*. Actual bug was in process(), not prove(), and introd after a bad upgrade. https://twitter.com/...
- @bloombergtv on X:
“I think it needs serious regulation,” says Harvard's Bruce Schneier in regards to cryptocurrency. Nomad, a bridge protocol for transferring crypto tokens across different blockchains, lost close to $200 million in a security exploit on Monday https://www.bloomberg.com/... https:…
- Mudit Gupta (@mudit__gupta) on X:
Woke up to another bridge hack. Good morning crypto twitter 🫡 This time, Nomad got rekt for around 190m. Some of it was whitehacked though. The attacker could've stolen everything in a single transaction but they didn't and got front run. https://twitter.com/...
- @el33th4xor on X:
The Nomad bridge, used by non-Avalanche chains, was hacked today. Nomad was the official bridge for EVMOS (Cosmos EVM), Moonbeam (Polkadot EVM), and Milkomeda (another EVM). This thread provides a post-mortem. The Avalanche Bridge is unaffected. https://twitter.com/...
- @moonbeamnetwork on X:
1/ Important Notice: The Moonbeam Network has gone into Maintenance Mode in order to investigate a security incident with a smart contract deployed on the network.
- Mike Masnick (@mmasnick) on X:
A friend once used the line about how every web3 project has “a built-in bug bounty” as a positive, in that (in theory) it would encourage more thoughtful, careful design. https://t.co/regFeyrdrd
- Benedict Evans (@benedictevans) on X:
Instead of “it doesn't need to be fixed/it can't be fixed” - how can it be fixed? https://twitter.com/...
- Nass (@nassyweazy) on X:
The Security team at @a16z Crypto has investigated and found the root cause of the @nomadxyz_ bridge hack. Nothing to be done at this time except getting funds back from whitehats that drained preventively. We'll work with ecosystem members to prevent such issues in the future. h…
- John Rogers (@jonrog1) on X:
Woof, real time account of blockchain looting. https://twitter.com/...
- @moonbeamnetwork on X:
1/ Earlier today, there was a security incident that impacted the @nomadxyz_ bridges to Moonbeam. Nearly all the assets in Nomad's Ethereum Mainnet smart contract have been drained. We have found no evidence that the recent security incident was related to the Moonbeam codebase.
- Benedict Evans (@benedictevans) on X:
“Let's trust our monetary system to the idea we can make code with no bugs” https://t.co/PePMf0g0Ir
- @samczsun on X:
12/ tl;dr a routine upgrade marked the zero hash as a valid root, which had the effect of allowing messages to be spoofed on Nomad. Attackers abused this to copy/paste transactions and quickly drained the bridge in a frenzied free-for-all
- @dzack23 on X:
Front-running all of your bad nomad takes: 1. “This is why trustless bridges are better” The trust model wasn't compromised. 2. “This is why multi chain = bad.” There was nothing bridge-specific about the exploit. 3. “Nomad team = bad” Smart, good people make mistakes.
- @chainlinkgod on X:
Not only are all the people who held Nomad bridged tokens now completely rekt, but so are the chains that used Nomad as their canonical token bridge The contagion effects are real, absolutely brutal https://twitter.com/...
- @0xfoobar on X:
TL;DR - a poor operational strategy led to bad merkle root initialization which led to every message being proven valid by default Rough timing as the Nomad team raised a $22 million round several months ago and recently announced significant backing https://twitter.com/...
- @moonbeamnetwork on X:
The Moonbeam Network Maintenance Mode has ended following an investigation that found no evidence that the recent security incident was related to the Moonbeam codebase. The chain has been restored to full functionality and is now operating as usual.
- @notifi_xyz on X:
im returning this money, fbi pls calm down. no i didnt plan to steal it and yes i know this address is doxed https://www.notifi.xyz/...