As Solana makes headlines for succumbing to a hack on Wednesday, prominent crypto CEOs including Binance’s Changpeng “CZ” ZhaoKuCoin’s Johnny Lyu and OKX’s Jay Hao – recommended that Solana (FLOOR) investors transfer their assets to their own exchanges as an immediate safety measure.
Many blockchain investigators and crypto investors have reported an alleged widespread private key compromise, allowing the attacker to steal native SOL tokens and Solana-enabled SPL tokens such as USD Coin (USDC) of the Phantom and Slope wallets. However, the root cause of the attack remains a mystery as all parties, including Solana and Phantom, have denied wrongdoing on their ends. Phantom’s official stance on the issue shared with Cointelegraph:
“We are working closely with other teams to get to the bottom of a reported vulnerability in the Solana ecosystem. At this time, the team does not believe this is a Phantom-specific issue.
Along with ongoing investigations into the Solana fiasco, CZ warned investors of an “active security incident on Solana” that has drained funds into SOL and USD Coin (USDC) on more than 7000 wallets. His recommendation to non-hacked investors was to transfer their assets to a cold wallet or Binance.
There is an active security incident on Solana. Many wallets (over 7000 and counting) are emptied of SOL and USDC. I don’t know the root cause yet. Maybe app permissions. To remedy, send the funds to a cold wallet or CEX like @Binance. https://t.co/nQrBXAgCbf
— CZ Binance (@cz_binance) August 3, 2022
Lyu gave a similar assurance to KuCoin users as he confirmed that not all SOL assets were affected by the hack; as he says:
“We are in close contact with the Solana team and have blocked suspicious addresses as requested.”
Hao, however, echoed CZ’s recommendation in advising investors to transfer their assets to OKX to protect against hacking.
There are reports that a huge #solana hack has over 7,500 drained hot wallets.
It may be advisable to transfer your funds to a hardware wallet or trusted exchange like #OKX to protect you from this hack.
Stay safe there.
— jay_star.okx ⚛️ OKX CEO (@star_okx) August 3, 2022
Given the uncertainty surrounding the potential and scope of the hacker, other crypto exchanges such as Bybit have proactively suspended all deposits and withdrawals of assets on the Solana blockchain.
A hack that adopted a malicious governance proposal resulted in the transfer of tokens worth $6.1 million, with the hacker taking home $1 million.
Hello everyone – our team is aware of reports of an unauthorized transfer of AUDIO tokens from the community treasury. We are actively investigating and will report to you as soon as we know more.
If you would like to help our response team, please contact us.
— Audius (@AudiusProject) July 24, 2022
Speaking to Cointelegraph, Audius co-founder and CEO Roneil Rumburg clarified that no member of the community was involved in the adoption of the malicious proposal:
“This was an exploit – not a proposal offered or conveyed through legitimate means – it just happened that the governance system was being used as an entry point for the attack.”
Blockchain Investigator Peckshield Later Shrunk Blame it on inconsistencies in Audius’ storage layout.