Aside from the aforementioned coins, over 300 other Solana-based tokens have been stolen alongside a few non-fungible tokens (NFTs). As reported by Fortune, most of the affected crypto wallets were so-called “hot wallets,” which means they were connected to the internet. These wallets are often regarded as less secure than “cold wallets,” also known as “hardware wallets,” which do not require an internet connection and are more difficult to compromise. In the case of the Solana attack, the following three wallets saw the biggest losses: Phantom, Slope, and Trust Wallet.
Austin Federa, the head of communications at the Solana Foundation, told Fortune: “This does not appear to be a bug with Solana core code, but in software used by several wallets popular among users of the network.” This statement is echoed throughout various publications that report that the hacker was able to accept the wallet-draining transactions on the behalf of the owners of the account. The co-founder of Solana, Anatoly Yakovenko, claimed on Twitter that the hack could be a “supply chain attack,” meaning the attacker targeted a third-party vendor as opposed to the Solana platform itself.
While experts involved in various ecosystems are trying to assist Solana in stopping the attack, the general advice for users is to move their funds to an offline wallet. Solana Status on Twitter said that there has been no evidence of hardware wallets being impacted. The same account is also expected to be posting updates on the state of things as new information emerges.