The incident became known at three in the morning. Twitter user Tom TYR reported noticing a massive withdrawal of funds from the wallets of users on the Solana network. In these cases the entire balance was withdrawn without any action by the owner, i.e. without deliberately signing a transaction.

The problem has been particularly widespread among users of Phantom Wallet, one of the most popular non-custodial wallets on the Solana network. Representatives of the project responded in a tweet. Here is a line from the post.

We’re working closely with other teams to sort out the vulnerability found in the Solana ecosystem. At this point, team representatives do not believe the problem is solely related to Phantom. We will release an update as soon as we get more information.

As it turned out later, Phantom representatives were right: Phantom users were not the only ones to lose funds. There is also evidence of similar cases among users of the Solana-based Slope wallet and of TrustWallet on the Ethereum network.


Let's make it clear right away that we're not talking about a hack of the Solana blockchain itself, or of Ethereum for that matter. The root of the problem most likely lies in the application libraries, but we have not yet been able to identify the final cause.

That is, people have been losing their money without carrying out any transactions. One example is a tweet from a Twitter user nicknamed Mr Mugeez. According to his post, he lost 3 SOL, equivalent to about $120, and 604 USDC.

A well-known member of the cryptocurrency community who goes by the nickname Justin.sol was also a victim. As he noted in a tweet, all of his USDC went to the hacker. However, he had not interacted with smart contracts using this address for 40 days, and his USDC, held as ERC20 and SPL tokens, was in TrustWallet and Slope wallets.

Seasoned blockchain users immediately suspected the permissions that wallet owners had granted to certain decentralized applications. This scheme is particularly popular with hackers, who get victims to sign a transaction that hides inappropriate permissions, for example permission to withdraw funds. This allows fraudulent developers to steal other people’s tokens without the victim’s involvement.

That’s why representatives of the NFT trading platform Magic Eden recommended that users disable all suspicious permissions within the Phantom wallet. This is done in the wallet's settings.
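The permission check recommended above can also be done against on-chain data. The following is an added example, not code from the article or from any wallet project: it lists SPL token accounts that still have a delegate approved to spend from them. It assumes input shaped like a Solana RPC `getTokenAccountsByOwner` response with `jsonParsed` encoding; the sample response and every address in it are constructed placeholders.

```python
# Added example: audit SPL token accounts for outstanding delegate approvals.
# SAMPLE is constructed, shaped like a getTokenAccountsByOwner (jsonParsed)
# RPC response; every address in it is a placeholder.

def _acct(pubkey, mint, amount, decimals, delegate=None, delegated="0"):
    info = {"mint": mint, "owner": "OWNER_PLACEHOLDER",
            "tokenAmount": {"amount": amount, "decimals": decimals}}
    if delegate:
        info["delegate"] = delegate
        info["delegatedAmount"] = {"amount": delegated, "decimals": decimals}
    return {"pubkey": pubkey, "account": {"data": {
        "program": "spl-token", "parsed": {"type": "account", "info": info}}}}

SAMPLE = {"result": {"value": [
    _acct("TOKEN_ACCT_A", "MINT_A", "604000000", 6),                # no approval
    _acct("TOKEN_ACCT_B", "MINT_A", "604000000", 6, "DELEGATE_X", "500000000"),
    _acct("TOKEN_ACCT_C", "MINT_B", "3000000", 6, "DELEGATE_Y", str(2**64 - 1)),
    {"pubkey": "TOKEN_ACCT_D", "account": {"data": ["AAAA", "base64"]}},
]}}

def find_delegations(rpc_response):
    """Return token accounts where a delegate may still spend a non-zero amount."""
    findings = []
    for entry in rpc_response.get("result", {}).get("value", []):
        data = entry["account"]["data"]
        if not isinstance(data, dict):          # not jsonParsed: cannot inspect
            continue
        parsed = data.get("parsed", {})
        if parsed.get("type") != "account":
            continue
        info = parsed["info"]
        delegate = info.get("delegate")
        delegated = int(info.get("delegatedAmount", {}).get("amount", "0"))
        if not delegate or delegated == 0:
            continue
        balance = int(info["tokenAmount"]["amount"])
        scale = 10 ** info["tokenAmount"]["decimals"]
        findings.append({
            "token_account": entry["pubkey"],
            "mint": info["mint"],
            "delegate": delegate,
            # A delegate can never move more than the current balance.
            "at_risk": min(delegated, balance) / scale,
            "unlimited": delegated >= 2**64 - 1,
        })
    return findings

if __name__ == "__main__":
    for finding in find_delegations(SAMPLE):
        print(finding)
```

An audit like this only surfaces approval-based exposure; it says nothing about whether the wallet's private key itself has leaked.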

However, this didn’t help and the problem became more and more widespread. According to Solana Status representatives, as of 8am the hack had affected around 7,767 wallets – which is exactly how many Phantom users had lost their money.

Ava Labs creator Emin Gun Sirer has commented on the incident. He said it could be a case of JS libraries used by individual apps being hijacked and private keys then being extracted. This is supported by the fact that the hackers signed transactions using the victims’ private keys, and therefore had access to them.

Representatives of blockchain explorer Etherscan reacted to what was happening. They labelled the hacker’s address with the tag “This address is reportedly involved in the hacking of Solana and Ethereum-based mobile wallets”.

The hacker’s address in the Etherscan browser


What should users do in response? Experts recommend withdrawing coins from Phantom, Slope and TrustWallet to Ledger-type hardware wallets. If you do not have such a device, you should send the cryptocurrency to a centralised exchange.

We made such a transaction ourselves, sending a small amount of SOL from the Phantom mobile wallet to a cryptocurrency exchange. The transfer went through, which means the money is safe.

Successful transaction we conducted from the Phantom mobile app this morning

As Anatoly Yakovenko, co-founder of Solana Labs, has just pointed out, the whole thing is reminiscent of a so-called supply chain attack on iOS devices. According to him, the victims of the hack were wallets that only received SOL, and did not conduct other transactions.

So, what conclusions should be drawn from the situation?

  • The Solana and Ethereum blockchains have not been hacked and are operating normally.
  • What is happening resembles a supply chain attack aimed at stealing users’ private keys.
  • SOL and ETH-based assets inside Phantom, Trust Wallet and Slope have been affected.
  • Ledger-type hardware wallets were not affected by the hack, which is another argument in favour of buying such devices.

A cryptocurrency investor with a Ledger hardware wallet


We think the current situation is extremely unpleasant, and it is quite predictable that it will raise questions about the trustworthiness of decentralized networks. However, it is important to understand that the hackers did not hack Solana or Ethereum, but took a less obvious route.

What happens to the losses, which definitely exceeded the $6 million mark, is unknown. Either way, we recommend keeping any significant holdings of coins in hardware wallets, while keeping the mnemonic phrase out of reach of others. This will keep most of the cryptocurrency safe.