Do we need more Scalability, Speed rather than Security as the Solana Ecosystem is under attack again?
In a tweet earlier today, Magic Eden confirmed that there is an exploit draining wallets on the Solana ecosystem. At the time of writing, data from дюна shows that over 7,700 addresses have been affected, as pundits estimate that at least $5 million in crypto assets have been lost.
???Похоже, широко распространен эксплойт SOL, который истощает кошельки по всей экосистеме.
Вот что вы можете сделать прямо сейчас, чтобы лучше защитить себя
1. Перейдите в >Настройки на вашем @фантом бумажник
2. > Надежные приложения
3. > Отозвать разрешения для любых подозрительных ссылок?
— Волшебный Итен? (@MagicEden) 3 августа 2022
While the vulnerability causing the exploit remains unknown, Binance’s Changpeng Zhao and other pundits have confirmed that the exploit does not seem to be affecting cold wallets or central exchanges. Users have been advised that disabling permissions granted to suspicious links in their wallets may not be enough and have been instead encouraged to move their assets to cold wallets or central exchanges.
На Солане происходит активный инцидент с безопасностью. Во многих (7000+ и больше) кошельках нет SOL и USDC. Пока не знаю первопричины. Возможно, разрешения, предоставленные приложениям. Для исправления отправьте средства на холодный кошелек или CEX, например @Binance. https://t.co/nQrBXAgCbf
- ЧР? Binance (@cz_binance) 3 августа 2022
The information available shows that the attackers have somehow managed to gain access to the seed phrases of users. At the time of writing, the most popular theory is one suggested by Ava Labs CEO Emin Gün Sirer. According to Sirer, the exploit is likely a supply chain attack, as he suggests a JavaScript library may have been compromised.
Одним из возможных маршрутов является «атака на цепочку поставок», при которой библиотека JS взламывается и извлекает (крадет) закрытые ключи пользователей. Похоже, что затронутые кошельки были созданы в течение последних ~ 9 месяцев, но есть сообщения и о недавно созданных кошельках.
— Эмин Гюн Сирер? (@el33th4xor) 3 августа 2022
Meanwhile, Adam Cochran reports that most victims appear to be IOS users, with most of their wallet interactions on mobile. Phantom and Slope wallets’ users also appear to be the most affected.
1/3
Поговорил с пользователем, которого взломали как на Солане, так и на Эфириуме:
-Б/у iOS
-Кошельки были TrustWallet и Slope
-ERC20’s were stolen to: 0xc611952D81E4ECbd17c8f963123DeC5D7BCe1c27
-На стороне ETH был TrustWallet
-Активы были взяты одновременно— Адам Кокран (adamscochran.eth) (@adamscochran) 3 августа 2022
While there have been reports of a similar issue on Ethereum, these are very few, and it only appears to be the case when seed phrases are shared with Slope.
On-chain sleuth CIA Officer reports that the amount of stolen SOL per minute appears to be slowing down from 1K SOL per minute to less than 1 SOL per minute. Notably, not only SOL has been drained from the affected wallets but also stablecoins like USDC and USDT and assets like Bitcoin and Ethereum.
amount of sol stolen per minute going down. startet at ~1kSOL/minute, now at <1 SOL/minute: https://t.co/D90uCXh1Hl
- Офицер ЦРУ (@officer_cia) 3 августа 2022
Notably, a network validator has launched a DDOS attack on the network in an attempt to slow down the attacker.
according to solana validator discord, Jito is responsible for the network ddosing to slow down attacker and bringing down solana rpc in the process
- Офицер ЦРУ (@officer_cia) 3 августа 2022
Solana Status reports that engineers are currently working together to get to the root cause of the exploit as the community awaits further updates.
Engineers are currently working with multiple security researchers and ecosystem teams to identify the root cause of the exploit, which is unknown at this time.
- Статус Соланы (@SolanaStatus) 3 августа 2022
Solana, in recent years, has grown to become one of the most popular altcoins, sometimes even dubbed an “Ethereum killer.” However, in recent months, the network has been plagued by several outages and slowdowns. Consequently, it has attracted издевательство from the likes of Cardano chief Charles Hoskinson.
- Рекламное объявление -
Source: https://thecryptobasic.com/2022/08/03/scalability-speed-or-security-nearly-8000-wallets-drained-in-solana-ecosystem-exploit/?utm_source=rss&utm_medium=rss&utm_campaign=scalability-speed-or-security-nearly-8000-wallets-drained-in-solana-ecosystem-exploit