Wallet provider Solana Phantom says its systems were not compromised in the August 2 hack. During this one, more than 8000 hot wallet A total of $4.08 million was siphoned off.
Thousands of empty wallets
On August 2, a new attack hit the Solana ecosystem. In a few hours, hackers emptied more than 8000 wallets. The total amount of loot today is estimated at $4.08 million.
Last February, an attack already occurred on Solana’s network and then caused a loss $320 million. At the time, the Wormhole platform was incriminated. The latter allowed the transfer of tokens between the Solana blockchain and other networks. An exploit allowed a hacker to steal 120,000 Ethereum.
This month, Solana immediately responded to the attack on her by dismissing any possibility of internal fault. The teams also said that after investigation it appears that the addresses involved in the hack were created, imported or used on the Fana or Phantom wallet applications. Later, Solana reviewed the incident and concluded the Slope’s sole responsibility.
Phantom controls failures in its systems
Wallet company Crypto Phantom claimed that no flaws were found in its program before the Solana hack. Initially, it was suspected that some of its products including the wallet, Sollet, had allowed the fraudulent intervention. Phantom said about it, on Twitter:
After nearly a week of investigation, our team has found no evidence that Phantom systems were compromised during the August 2nd security incident. The work is still ongoing, but given the seriousness of the situation, we would like to provide an update on what we have done so far.
In addition, a security audit company confirmed that no vulnerabilities that could enable the hack were detected. In addition, digital security firm Otter conducted an independent investigation into the August 2 hack. Afterwards, she concluded Phantom had no responsibility in the incident caused the dilution of $4 million.
Also, Otter said Sprán Fana is based on weak security standards. As proof, it has been noted that seed sentences, generated by Slope, was mistakenly sent to Otter’s servers in an unencrypted manner. According to the company, this flaw offered the opportunity for hackers to drain funds.
Some Phantom wallets are infected
Although there were reportedly no flaws in Phantom’s systems that could have enabled the August 2nd hack, several wallets hosted by the company fell victim to it. This could be done by connecting external wallets to those established on Phantom. The company said about it:
Although some Phantom users were affected, in every case we reviewed we found that they had imported their seed sentences or private keys to or from a non-Phantom wallet.
For his part, Slope made a desperate plea for the recovery of funds directed to the hackers. In it, the company promises to 10% bonus for scammers if they return the stolen funds within 48 hours. Slope also said he would not press charges if they comply. Not surprisingly, this request was unsuccessful.
Since then, Slope announced on Monday that their internal investigation was nearly complete. They also confirmed the continuation of their security audit in partnership with the company TRM Labs and the American authorities. It is not clear at this time whether legal action will be taken against the firm in New York.