12 Feb 2025

Solana exploit. How to protect your SOL and USDC

The running joke that Solana has only two states (a shutdown or an exploit) will apparently never get old.

As we’ve written earlier, 8,000 user wallets have been robbed of an average of $1,000 each.

So, if your SOL and USDC are still on your balance, it’s not your doing – it’s the hackers’ fault. Just kidding, but as we all know, there is truth in every joke. Now, while Solana and white hat hackers collaborate with hacked wallet teams to find vulnerabilities, it makes sense to think about your cybersecurity again.

Let’s try to solve this non-trivial problem with a simple “Given-Find-Solution” scheme. All we need to do is to be sure we know the parameters (“Given”) and to have a clear idea of what result we are interested in (“Find”).


Given:

“a” = Users were robbed in a very brutal way. They didn’t sign anything, didn’t go to phishing sites, and didn’t do any activity. Many of them were sleeping peacefully. That said, the transactions were done, and the blockchain records were legitimate.

“b” = It is already established that no direct hacking of Solana/Ethereum blockchains occurred.

“c” = Some iOS/Android mobile wallets were hacked. By contrast, hardware wallets like Ledger retained their assets. Accounts on centralized exchanges (like FTX or WhiteBIT) were also safe.

“d” = None of the affected wallets had been active in the last 6 months (that is, it affected HODL’ers and not some noobs).

“e” = Preliminary investigation showed that the libraries of the corresponding wallets on GitHub may have been compromised.

“f” = “crypto is not a scam”. We’re not yet ready to become disillusioned with technology in order to go off to grind a blank in a factory and hoard cut-up paper with portraits of dead people for the rest of our lives, which will, in all likelihood, also depreciate.


Find:

A plan where our SOLs and USDCs are always in the place we last put them, regardless of whether the hacker repeats his maneuver.


Solution:

Assuming the hacker repeats his algorithm (and why not repeat it if you’re not in jail yet, there’s $8 million at stake, and you’ve done it before?), the conclusions are as follows:

1. You must move your funds to a place that is known to be safe. As we already know, these can be hardware vaults or secure custodial wallets like blockchain.com wallet.

2. Given that the problem is specific to mobile apps, you should consider switching to browser-based versions of wallets with two-factor authentication.

3. It makes sense to cancel all the automatic confirmations (“ticks”) that you may have recklessly put in any DApps on your phone.

4. HODL is a serious and long-term project that doesn’t go with storage on a smartphone that can freeze, crash, and get lost.


Update

All the teams whose users were affected by the exploit (Solana Labs, Slope, Phantom, Trust Wallet) and several public blockchain engineers have published their investigations. The only version that remains tentatively proven is a problem on the Slope wallet side.

“The compromised addresses were generated, imported, or used specifically in Slope’s mobile wallet.”

Slope developers have recommended that users immediately transfer the remaining funds to new wallets, making sure to change the seed phrase. However, will this change anything if it is proven that users’ seed phrases were stored on the wallet’s server? The question is rhetorical.

The content on The Coinomist is for informational purposes only and should not be interpreted as financial advice. While we strive to provide accurate and up-to-date information, we do not guarantee the accuracy, completeness, or reliability of any content. Nor do we accept liability for any errors or omissions in the information provided or for any financial losses incurred as a result of relying on this information. Actions based on this content are at your own risk. Always do your own research and consult a professional. See our Terms, Privacy Policy, and Disclaimers for more details.
