Over 8,000 Solana wallets compromised in an ongoing multimillion exploit

The attack affected several Solana-based hot wallets, including Slope and Phantom, as some experts believe the root cause of the exploit is a “supply chain issue.”

A photo of a piggy bank drained for money.

According to the blockchain security firm PeckShield, the estimated loss amounts to about $8 million, and the hack is likely due to the supply chain issue, which means that existing software dependencies in browser extensions may have been exploited. All transactions from affected addresses have been signed properly, indicating that the attacker somehow acquired access to users’ private keys.

Initial reports focused on the Solana-based Phantom wallet, as a crypto investor and analyst Miles Deutscher was among the first to point out that Solana is under attack. "There's an unknown $SOL exploit currently draining random Phantom wallets," he tweeted. "$6m currently stolen. If you have funds on Phantom, make sure to revoke all permissions + move to a hardware wallet."

However, later it became obvious that other wallets, including Slope and TrustWallet, were compromised as well. Phantom announced it was working closely with other teams to investigate the critical vulnerability, although noted that the issue is unlikely on the side of its product.

To help security researchers identify the root cause of the exploit, Solana encourages affected users to complete the short survey. Until the attack is mitigated, all wallet holders are advised to revoke access to the wallet app or move funds to hardware wallets.