According to Solscan.io, more than 15,000 Solana wallets have been affected in the last 24 hours by a hack exploiting the Solana-based browser wallet Phantom, resulting in the theft of more than $4.42 million worth of mostly Solana ($SOL) and USDC ($USDC) tokens.
Additionally, since the news broke we saw the price of Solana briefly dip from $42.27 to $38.04. It has since come back up to $40.14 at the time of writing, though this is still significantly lower than its all-time high of $258.93 last year, prior to the large overall market crash.
I personally have been an avid user and advocate for the Solana network the last few years (despite their continuing network degradation issues) and am also a big investor in the Solana-based blockchain game Star Atlas.
While I have luckily not been affected as far as I can tell by this network hack, it’s definitely something I am keeping on my radar and want to make sure anyone else involved in the Solana network is aware of to make sure you’re taking the necessary precautions.
What Do We Know?
While engineers and blockchain programmers from around the world and across various blockchain platforms (including those outside of Solana) are all working together to figure out exactly what happened and how, there are a few pieces of information we do know thus far:
- This hack seems to be specific to the use of browser-based wallets such as Phantom, TrustWallet, and Slope.
- The SOL and SPL transfers are being conducted by the wallet users themselves, indicating that the exploit/hack most likely got hold of the wallets' seed phrases or private keys and that the hack is not coming from third-party interactions or software.
How to Protect Yourself and Your Assets
Since the hack looks like a compromise of wallet seed phrases or private keys, revoking permissions for external or third-party apps may not do anything from a security standpoint. That said, it's always good to take as many precautions as we possibly can, so you should revoke any suspicious Trusted App permissions within your Phantom wallet.
To revoke permissions:
- Open your Phantom browser wallet.
- Go to the Settings tab (gear icon).
- Click the Trusted Apps button.
- Click the “Revoke” button for any untrusted/suspicious third party apps.
Of course, software wallets will always be vulnerable in some way due to the nature of their design: they, including their seed phrases, are connected to the internet.
The best and most secure way to keep your assets safe on any blockchain is to use a hardware wallet such as Ledger, because with a hardware wallet your seed phrase never touches the internet and therefore can’t be compromised (provided you never type it in anywhere).
Therefore it is highly encouraged that if you do not already have a hardware wallet, you get one and move all of your assets to it as soon as possible. They’re extremely easy to use and the most secure option for storing your assets. You can get a Ledger hardware wallet here.
If you don’t have a hardware wallet and don’t have the ability to get one at this time, the next best course of action is to move all of your Solana assets to a trusted Centralized Exchange (CEX) such as Coinbase.
Is Solana Still Worth Investing In?
As far as we can tell, this hack has nothing to do with Solana's core code, but rather with the code of the individual third-party wallet software.
Solana, along with many other blockchains, continues to have its ups and downs. While this is definitely a rough patch in the road, I still consider Solana to be a long-term successful project, and am going to take this opportunity of its price decrease as a way to increase my own holdings (buy when it’s low, sell when it’s high).
Between the facts that we are still in an overall crypto bear market, in an overall economic recession, and still extremely early from an overall crypto/blockchain development standpoint, I believe that in time we will see both Solana and the overall crypto market recover.
As the technology improves, more people get involved, and new security measures are put in place, the value will rise again and those who pass up on the opportunity to buy low will wish they had. It could be 1 year, could be 5 years, could be 10 years; but it’s only a matter of time.
Ask yourself this: do you wish you had invested in Amazon, Facebook, Instagram, or Snapchat 5 – 10 years ago? The time flies, and oftentimes it’s the things we don’t do that we regret, not the things we did.
*This is not financial advice, and I am not a professional financial advisor. All information presented in this article is based on my own personal opinion and my own personal research. Always conduct your own research or speak to a financial professional before making any financial decisions.*