In these hours, a malicious actor exploited an unspecified vulnerability to further drain 7,000 wallets of the network Solana, the most popular alternative cryptocurrency to Ethereum. At the time of writing, the ways in which this unprecedented attack was made possible are not well known.
Hundreds of testimonials are spreading on Twitter: some users have lost thousands of euros in a short time. In at least one case, more than $500,000 was stolen. While in the past this type of theft has usually been associated with reckless user behavior, this time it appears that wallets are emptied without the victim committing a significant misstep – for example, by hitting a malicious link or by authorizing one dApp unreliable.
2 / More than 7,000 wallets affected. Over $7 million. from 10 p.m. EST.
List of affected wallets below, with hackers wallet at the tophttps://t.co/5aCn22ydGl
– Kiyomi (104) (@kiyomiwallet) August 3, 2022
Crypto influencer Kiyomi posted a lengthy Twitter thread with all the information currently available on what has already been renamed’The big drain‘:
https://t.co/cUZcqIdWNN
this wallet has NOW used up 500k USDC absolutely everyone is being sucked out holy shit move your shit to ledgers ASAP— Paladin (@nftpeasant) August 2, 2022
How To Secure Your Solanas Waiting To Find Out What’s Up
Magic Eden, the premier NFT marketplace in the ecosystem Solana, advised all users to transfer all their assets to a new wallet. Whenever possible, users should use what is commonly referred to as a ‘cold wallet‘, which is a hardware wallet and not connected to the web – unlike Phantom, to understand, the most popular hot wallet for Solana that is available both as an app for Android and iOS, and as a browser extension.
There appears to be a widespread SOL exploit in play that is draining wallets across the ecosystem
Here’s what you can do now to best protect yourself
1. Go to > Settings on your @phantom wallet
2.> Trusted apps
3.>Revoke permissions for suspicious links– Magic Ethen
(@MagicEden) August 3, 2022
If you don’t need to manage dozens of different cryptocurrencies, we recommend relying on the Ledger Nano S Plus wallet, which is one of the best value for money.
Buy it on Amazon.it
While waiting to be able to transfer the money to a cold wallet, it is: base that the user removes any authorization granted by his wallet phantom. Given the extraordinary nature of the situation, it is imperative to also remove the authorizations for sites and dApps that are generally considered trustworthy, such as Magic Eden, Matrica and Mercury. To our knowledge, one or more of these sites may have been compromised.
8 / Here’s a video on how to revoke app access on Phantom
CC: @Cryptorata pic.twitter.com/PBK1RLgCab
– Kiyomi (104) (@kiyomiwallet) August 3, 2022
Source: Lega Nerd
