Users report that the Solana ecosystem is being exploited by crypto. They claim that their funds were taken from their trusty, internet-connected “hot” wallets, including Slope, Phantom, and TrustWallet.
According to OtterSec, the attack is ongoing and more than 8,000 wallets have been compromised so far. Numerous Solana addresses were linked to the attack, where those wallets accumulated at least $5 million worth SOL, SPL and other Solana tokens from unsuspecting customers.

Although the exact cause of Tuesday night’s attack was not known, it seems to have primarily affected mobile wallet users. The attacker was able to sign (ie. The attacker was able to initiate and approve transactions on behalf of the users. This suggests that a trusted third party service might have been compromised during a supply chain attack.
“We are evaluating the incident impacting Solana wallets and are working closely with other teams in the ecosystem to get to the bottom of this. We will issue an update once we gather more information,” a representative of Phantom, the largest Solana hot wallet, told CoinDesk in a statement. “The team doesn’t believe this is a Phantom-specific issue at this time.”
At this time, it is not clear if the vulnerability is restricted to the Solana Blockchain. TrustWallet and Slope users reported that they lost USDC on Ethereum and Solana.
Solana – fifth largest blockchain by total value locked according to DefiLlama – has seen a rise in popularity over the last year due to its fast transactions and low fees. The native token SOL dropped 4% within hours of the attack.