'Malicious actor' drains $5.2 million in crypto assets from 8,000 digital wallets in one go

pcgamer.com:

Thousands of digital wallets on the Solana blockchain were drained of funds by a «malicious actor» last night. Over $5.2 million in crypto assets were lost in the attack, but Solana is blaming external software, stating that it's not an issue with its own blockchain.

Cybersecurity experts have surmised that it may be a vulnerability in the wallet software, not the Solana blockchain itself, which will at least be a relief for some. The last update from Solana from this morning says: «This does not appear to be a bug with Solana core code, but in software used by several software wallets popular among users of the network.»

The attack drained over 8,000 wallets though that number could rise if more and more users report compromised wallets. The affected wallets include but are not limited to Solflare, Trust Wallet, Phantom, and Slope.

Phantom took to Twitter to say that it, too, is working with Solana though it says at «this time, the team does not believe this is a Phantom-specific issue.»

Solflare has posted some security updates and said, «we are following the situation closely, and we feel the pain in the community,» and accompanied it with a sad face emoji. 

An exploit allowed a malicious actor to drain funds from a number of wallets on Solana. As of 5am UTC approximately 7,767 wallets have been affected. The exploit has affected several wallets, including Slope and Phantom. This appears to have affected both mobile and extension.August 3, 2022

The root cause of the exploit is still being looked into, but OtterSec, a blockchain auditor, said on Twitter that the transactions were «signed by the actual owners, suggesting some sort of private key compromise.» They also claim that some users on the Ethereum blockchain