A number of users of the Solana (SOL) crypto-asset-based hot wallet found their accounts hacked by hackers and suffered a cumulative loss of $8 million.
The hacking incident was reported on Twitter with some users finding their funds missing, and issuing warnings to move assets from hot wallets to other cold wallets.
It is understood that some users of the Phantom and Slope crypto hot wallets and the non-fungible token (NFT) market platform, Magic Eden experienced the hacking disruption.
Revealing the incident, a Twitter user reported that almost $6 million in funds disappeared from the Phantom wallet within 10 minutes while others found as much as $500,000 USDC missing from their accounts.
some exploit either with @phantom or @MagicEden, drained 6mil in like 10 mins literally every phantom wallet getting compromised, not sure if any other wallets too pic.twitter.com/dVtksoMeye
— Paladin (@nftpeasant) August 2, 2022
According to blockchain investigator PeckShield, the widespread hacking is due to a 'supply chain issue' being exploited to steal user passwords behind compromised wallets.
#PeckShieldAlert The widespread hack on Solana wallets is likely due to the supply chain issue exploited to steal/uncover user private keys behind affecting wallets. So far, the loss is estimated to be $8M, excluding one illiquid shitcoin (only has 30 holds & maybe misvalued $570M) pic.twitter.com/aTGNsTc6d8
— PeckShieldAlert (@PeckShieldAlert) August 3, 2022
Following that, the Phantom quickly carried out an investigation and found the mastermind behind the problem.
Magic Eden and Slope are also seen trying to calm the situation by issuing official statements on their respective Twitter pages, stating that their teams are trying to resolve the issues that have arisen.
Meanwhile, another report stated that nearly 8,000 wallets were hacked with $580 million sent to 4 different addresses.
The CEO and founder of Ava Labs, Emin Gun Sirer said that the transaction was seen as having been confirmed with 'the possibility that the hacker has indeed obtained the private password.'
