An unknown actor has drained over 8,000 internet-connected wallets in an ongoing attack on the Solana blockchain ecosystem. According to Blockchain auditor OtterSec, the attacks were still ongoing when it posted an update in the evening of August 2nd and that they had affected multiple wallets, including Phantom, Slope, Solflare and TrustWallet, across a wide variety of platforms.
As TechCrunch notes, the bad actor seems to have stolen both Solana tokens and USDC stablecoins, with the estimated losses so far amounting to around $8 million. OtterSec is now encouraging users to move all their assets to a hardware wallet, and the Solana Status Twitter account echoed that advice, adding that there’s no evidence “cold” wallets have been impacted.
The Solana Status account has also revealed that an exploit allowed a malicious actor to drain funds from the compromised wallets and that it seems to have affected both their mobile versions and extensions. Engineers from multiple ecosystems have already banded together to work with security researchers to identify the root cause of the exploit, which is yet to be discovered.