Wallets Drained In Solana Breach as Network Solicits Input From Users

Solana users report that their wallets are being drained in an ongoing exploit.

By: Aleksandar Gilbert Loading...

Wallets Drained In Solana Breach as Network Solicits Input From Users

Solana, one of the leasing challengers to Ethereum, is in the midst of an apparent system-wide breach, with users finding their wallets emptied and NFT marketplace Magic Eden urging others to change their wallet settings to protect any remaining assets. The platform has asked users who were affected to provide input in a survey for its engineers.

The exploit was first reported by Twitter user SolportTom.


This does not appear to be a bug with Solana core code, but in software used by several wallets popular among users of the network.

Crypto auditor OtterSec said at least 5,000 wallets had been compromised.

“These transactions are being signed by the actual owners, suggesting some sort of private key compromise,” OtterSec tweeted.

Users of at least three crypto wallet providers – Phantom, Slope and Trust – reported stolen assets Tuesday.

“There seems to be a widespread SOL exploit at play that’s draining wallets throughout the ecosystem,” Magic Eden tweeted just after 8 p.m. ET, before suggesting that users “revoke permissions for any suspicious links in their Phantom wallets.

Phantom says that the issue is not limited to its platform.

“We are working closely with other teams to get to the bottom of a reported vulnerability in the Solana ecosystem,” the Solana wallet provider tweeted. “At this time, the team does not believe this is a Phantom-specific issue. As soon as we gather more information, we will issue an update.”

Austin Fedara, Solana’s spokesman, said in a tweet sent early Wednesday morning U.K. time that the platform is working to get to the bottom of the exploit. “Much remains unknown at this point, except that hardware wallets are not impacted,” he said. ETH wallets may be compromised, he added.

Solana also tweeted a survey to gather data from users for its engineers, who are conducting a technical review to get to the root cause of the exploit.


Updated on August 3 to report Solana spokesman’s response and survey.