Non-custodial Solana crypto wallet Phantom is currently facing an exploit, with users losing all of their digital assets stored in their wallets – even those inactive for over six months.
Over $5 million worth of SOL tokens and $2 million SPL tokens – including USDC, Solend, CATO, Serum (SRM), and Radium (RAY) – have been stolen. At the time of writing, the attacker’s wallet still shows live transfers happening every minute.
Some users suspect the hack might be linked to Phantom wallets, but Phantom has posted a tweet denying it had to do anything with them.
Others suspect the attack might be linked to transactions on Solana-based (NFT) marketplace Magic Eden, although there are no confirmations yet. Magic Eden has posted a warning for its users.
According to Twitter user foobar, the exploit might not be because of a third-party approval but rather a potential widespread private-key exposure.
“The solution is to transfer assets into a wallet which has never exposed a private key to potentially vulnerable browser extensions,”
It also doesn’t seem to be limited to Solana-based wallets. Another user reported loss of his entire USDC held on SlopeFinance and TrustWallet.
If yesterday’s 190M Nomad bridge hack wasn’t concerning enough, this one should send shockwaves across the community to immediately act on improving security measures.
Following the news, Solana plunged 8% before recovering some of the losses, with a 40% increase over the previous day’s volumes, according to Coinmarketcap data.