The CEO of the Solana platform, Anatoly Yakovenko has disclosed the attack on Apple wallets. He made this known as a hack on the Solana blockchain entered the 2nd day.
As of 5 a.m. UTC on Wednesday, the Layer 1 network said 7,767 wallets had been affected. A report from security firm Anchain estimated that more than $5 million in assets had been taken.
While it’s not yet confirmed what may be responsible for the exploit, Yakovenko said on Twitter the incident is likely a “supply chain attack” on wallets using Apple’s iOS operating system.
Supply chain attacks happen when a hacker enters and modifies software by injecting their malicious code in a system. The code inserts can be employed to deliver a malicious payload or backdoor malware. In Solana’s case, it’s possible that a hacker attacked its iOS wallet libraries to extract private keys, based on the team’s analysis.
The CEO came to his conclusion based the fact that exploited wallets didn’t have prior interactions with dApps and had remained inactive for some time. This indicates that hackers may have extracted private keys from Solana’s hot wallets not with the usual phishing attacks carried out with malicious links.
While more than 7,000 Solana wallets have been hit in this hack, that’s a tiny fraction of the total. There were about 25 million active addresses on the network in July, according to data compiled by The Block.
The Solana team previously stated that it had been working with engineers and several security firms to put its fingers on a definite vulnerability responsible for the incident. It also opened a survey to collect details on the 7,767 exploited wallets as it continues to look for further clues.
The latest wallet exploit is one among a series of issues plaguing the Solana blockchain. Despite being a widely-used Layer 1, Solana has suffered regular outages due to block congestion.