Parallel to the ongoing investigation into the Solana fiasco, CZ warned investors about an “active Solana security incident” that was draining funds in SOL and USDC from over 7,000 wallets.
As Solana made headlines on Wednesday for falling victim to a hack, prominent crypto executives, including Binance’s Changpeng “CZ” Zhao, KuCoin’s Johnny Liu and OKX’s Jay Hao, recommended theirs to Solana (SOL) investors Move assets to their own exchanges as an immediate safety measure.
Numerous blockchain researchers and crypto investors have identified an alleged widespread private key compromise that allowed an attacker to steal native SOL tokens and Solana-compatible SPL tokens such as USD Coin (USDC) from phantom and slope wallets . The actual cause of the attack remains a mystery, however, as all parties, including Solana and the Phantom, denied having flaws on their ends. Phantom’s official position on the matter, as shared with Cointelegraph:
“We are working closely with other teams to understand the discovered vulnerability in the Solana ecosystem. The team does not currently believe this to be a Phantom-related issue.”
In tandem with the ongoing investigation into the Solana fiasco, CZ has alerted investors to an “active security incident on Solana” that has drained SOL and USD Coin (USDC) funds from over 7,000 wallets. His recommendation to unhacked investors was to move their holdings to a cold wallet or Binance.
Liu gave similar assurances to KuCoin users, confirming that the hack did not affect all of SOL’s assets; as he said:
“We are in close contact with Solana’s team and have blocked suspicious addresses as requested.”
However, Hao supported CZ’s recommendation and advised investors to move their assets to OKX to protect against hacking.
Amid uncertainty about the hacker’s potential and reach, other crypto exchanges such as Bybit have suspended all deposits and withdrawals on the Solana blockchain in advance.
Related: Hacker siphons $1.08 million from Audius after leaking malicious offer
The hack, which went through a malicious administrative proposal, resulted in the transfer of $6.1 million worth of tokens, with the hacker taking $1 million.
Speaking to Cointelegraph, Audius co-founder and CEO Ronald Rumburg clarified that no member of the community was involved in submitting the malicious suggestion:
“This was an exploit, not an offer made or submitted in a legal manner – it was just accidentally using the control system as a launchpad for an attack.”
Blockchain researcher Packshield later narrowed the bug down to inconsistencies in the Audius storage scheme.