
Mass theft of Solana wallets points to supply chain software

2022-08-04 10:32:02 Golden Finance

To avoid losing assets in similar incidents, users are advised to use a hardware wallet.

Written by: Kyle (凯尔)

"A widespread vulnerability appears to be draining wallets across the Solana ecosystem." On the morning of August 3, this tweet from Magic Eden, an NFT marketplace in the Solana ecosystem, spread through the blockchain industry.

Immediately afterwards, a mass theft of user assets played out in full public view. According to tracking by several security companies, the number of stolen Solana wallets kept growing from 5,000; as of 1 p.m., about 7,767 wallets had had assets stolen, with all kinds of crypto assets and NFTs transferred away.

What is frightening is that although the industry has realized a vulnerability exists, as of press time its source has still not been found. In the meantime, hackers continued to empty users' wallets.

According to tracking by the SlowMist security team, about 5.8 $ of crypto assets flowed into 4 attacker addresses. Because the attack does not target a single protocol, it looks more like the hackers cracked the private keys of a large number of users. SlowMist speculates that the problem may lie in supply chain software.

A "supply chain attack" is a new type of attack technique. Attackers typically step in at an upstream or midstream point, after which the malicious activity and its effects spread downstream to more users. As a result, compared with an isolated security vulnerability, a successful supply chain attack causes larger losses and has a more far-reaching impact. Security practitioners speculate that a mobile wallet used by the victims may have had a vulnerability that exposed private keys.

At present, Solana Status, the official Solana team's account, has released a form to collect information from users whose assets were stolen, in order to analyze the cause of the vulnerability. Security practitioners advise that, to avoid losing assets in similar incidents, users should use a hardware wallet and create a new mnemonic phrase; any wallet that has had a problem or is at risk of private key leakage should be treated as compromised and discarded.

Unknown vulnerability leads to theft from nearly 8,000 Solana wallets

On August 3, a large-scale hack swept the Solana public chain. That morning, Magic Eden, the NFT marketplace in the Solana ecosystem, issued a warning that a widespread vulnerability appeared to be draining wallets across the Solana ecosystem.

Shortly afterwards, the blockchain security audit team OtterSec disclosed that funds had been stolen from more than 5,000 Solana wallets over the past few hours. OtterSec's analysis showed that the transactions were signed by the actual owners, which suggests a private key leak. The vulnerability may also affect ETH users.

The mass theft of wallets on the Solana chain quickly caused panic among users. The attack behind it did not stop, and losses kept mounting: as the incident unfolded, user funds continued to be moved.

At around 10:30 that morning, Emin Gün Sirer, founder of the Avalanche public chain, observed that the attack on the Solana ecosystem was ongoing and that the number of stolen wallets had risen to more than 7,000, "and is growing at a rate of 20 per minute."

Emin Gün Sirer's monitoring shows the number of stolen wallets continuing to grow

Emin Gün Sirer also noted the details of the transaction signatures. He believes the attacker has most likely gained access to the private keys.

If private keys have leaked on a wide scale, funds in users' wallets could be withdrawn by hackers at any time. Amid the panic, many users logged in to their wallets and transferred funds to avoid losses.

The wide-ranging attack put many Solana ecosystem projects on alert.

The Move to Earn app STEPN posted a reminder that users who had imported a non-custodial wallet into STEPN from outside, or exported one from STEPN, need to check whether any assets in that wallet have been lost. Users should promptly move assets out of that wallet, or generate a new non-custodial wallet from within the STEPN app.

Magic Eden also posted another reminder that users should create a new wallet with a new mnemonic phrase and transfer all NFTs and liquid crypto assets to it; safer still is to keep all assets in a cold wallet.

Because the characteristics of the theft point to leaked private keys, wallet applications in the Solana ecosystem came under scrutiny. According to feedback from many victims, most of them used accounts generated by the Slope and Phantom wallets. Some initially suspected that a vulnerability in a wallet service had exposed users' private keys.

Phantom, however, does not believe the issue is specific to its wallet. According to the wallet's official announcement, the vulnerability in the Solana ecosystem has not yet been identified: "We are working closely with other teams and will publish an update once we have collected more information."

As of 1 p.m. on August 3, the source of the theft had still not been found, and users continued to report stolen assets. According to an attack update released by Solana Status, the official Solana development team's account, about 7,767 wallets were affected, and "engineers are currently working with multiple security researchers and ecosystem teams to determine the root cause of the exploit."

Industry analysis suspects a "supply chain attack"

An attack of this breadth is a first in the history of blockchain. In the past, most hacks focused on a single exchange, application protocol, or cross-chain bridge: for example, when a protocol on some chain had a vulnerability, the users' funds within that protocol were taken in one sweep. This time, the hackers appear to have cracked a large number of users' private keys by unknown means and transferred users' assets away one by one.

According to the SlowMist security team's tracking of the incident, about 5.8 $ of crypto assets flowed into 4 attacker addresses. "According to feedback from many victims, they used a variety of different wallets, mostly mobile wallets. We speculate that the problem may lie in supply chain software."

Emin Gün Sirer also believes that one possible method is a supply chain attack, in which a JS library was compromised and users' private keys were stolen.

A "JS library" generally refers to packaged JavaScript functions that can be called directly from a program. According to feedback from some victims, the stolen wallets appear to have been created within the past 9 months, but there are also reports that newly created wallets were affected, so it is not yet possible to determine which supply chain software had the vulnerability.

Some users have asked whether a transaction rollback could be used to recover users' assets. Security practitioners say this approach does not apply to this incident: "It is impossible to distinguish which transactions were signed by the users themselves."
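Why signatures alone cannot separate the two kinds of transaction, as an added example that is not part of the original article: Solana accounts use Ed25519 keys, and a signature made with a leaked copy of a key verifies exactly like the owner's. The messages below are constructed strings, not real Solana transaction encoding, and the function names are hypothetical.

```javascript
// Added illustration: constructed messages, not real Solana transactions.
const nodeCrypto = require('crypto');

// The wallet owner's Ed25519 key pair.
const owner = nodeCrypto.generateKeyPairSync('ed25519');

// Model a leak: another party holds a byte-for-byte copy of the private key.
function copyOfPrivateKey(privateKey) {
  const der = privateKey.export({ format: 'der', type: 'pkcs8' });
  return nodeCrypto.createPrivateKey({ key: der, format: 'der', type: 'pkcs8' });
}

// All a verifier sees: message, signature, public key. Nothing about who signed.
function verifies(message, signature, publicKey) {
  return nodeCrypto.verify(null, Buffer.from(message), publicKey, signature);
}

function demo() {
  const leaked = copyOfPrivateKey(owner.privateKey);
  const ownerTx = 'transfer 1 SOL to merchant (constructed)';
  const otherTx = 'transfer all SOL to unknown address (constructed)';

  const ownerSig = nodeCrypto.sign(null, Buffer.from(ownerTx), owner.privateKey);
  const otherSig = nodeCrypto.sign(null, Buffer.from(otherTx), leaked);
  // Ed25519 is deterministic: same key and same message give identical bytes.
  const sameMsgSig = nodeCrypto.sign(null, Buffer.from(ownerTx), leaked);

  return {
    ownerTxValid: verifies(ownerTx, ownerSig, owner.publicKey),
    leakedKeyTxValid: verifies(otherTx, otherSig, owner.publicKey),
    signaturesIdentical: ownerSig.equals(sameMsgSig),
    // A signature is still bound to its message: reuse on other content fails.
    reusedSigValid: verifies(otherTx, ownerSig, owner.publicKey),
  };
}

console.log(demo());
```

Any attribution therefore has to come from evidence outside the signature, such as the destination addresses and timing that the tracking teams above relied on.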

Notably, although the attack affected a huge number of users, and the Solana network experienced lag and some applications suffered service interruptions, the underlying chain was not affected. Solana validator Laine posted that multiple Solana RPC nodes appeared to have stopped serving requests, possibly because of overload or deliberately, but the Solana blockchain itself was operating normally.

The information above points to a "supply chain attack" as the source of this security incident. This is a new type of attack technique, especially in the Web3 field, which emphasizes the mutual coupling of smart contracts. Attackers typically step in at an upstream or midstream point, after which the malicious activity and its effects spread downstream to more users. As a result, compared with an isolated security vulnerability, a successful supply chain attack causes larger losses and has a more far-reaching impact.

On the afternoon of August 3, Solana Status released a form to collect information from users whose assets were stolen, in order to analyze the cause of the vulnerability.

Solana Status collects user information to analyze the cause of the theft

According to the latest news, Solana Labs co-founder aeyakovenko revealed that the attack appears to be an iOS supply chain attack: multiple trusted wallets that had only received SOL and had no other interactions were affected, and their private keys had been generated externally and imported into iOS. He could not confirm this speculation, however: "So far all the confirmed reports are from iOS devices, but that may just be because of its popularity."

More details about the large-scale Solana theft and its causes await further analysis and disclosure by security teams. What warrants vigilance is that "supply chain attacks" appear to have begun to penetrate the blockchain field: when users use on-chain applications, vulnerabilities in Web2 programs such as crypto wallets and input methods may lead to private key leakage. Security practitioners advise that, to avoid losing assets in similar incidents, users should use a hardware wallet and create a new mnemonic phrase; any wallet that has had a problem or is at risk of private key leakage should be treated as compromised and discarded.

Copyright notice
Author: Golden Finance. Please include the original link when reprinting, thank you.
https://en.netfreeman.com/2022/216/202208041028262867.html
