Supply chain attacks steal crypto assets

The Solana ecosystem has been targeted by hackers, who have stolen cryptocurrency from thousands of associated wallets. Solana has previously received praise as one of the quicker and most affordable ecosystems for trading digital assets, a reputation that is likely to be shattered now that it appears so easy to steal from them.

According to Solana's official Twitter account, the hack affected 7,767 wallets, and just over $5.2 million in cryptoassets stolen, including those run by Phantom and Slope, two third parties. Although the business made no mention of the attack's origin, it did state that there was no proof that hardware wallets, or those not linked to the internet, had been impacted.

“Engineers are currently working with multiple security researchers and ecosystem teams to identify the root cause of the exploit, which is unknown at this time,” said the company in a tweet.

Anatoly Yakovenko, a co-founder of Solana, provided a little additional information about the breach on Twitter, saying it appeared to be a supply chain attack that targeted both iOS and Android applications (meaning that the attackers exploited some weakness in connected apps or browser extensions).

Both Solana's own cryptocurrency (SOL) and others that are compatible with the Solana blockchain, such as the stablecoin USD Coin, appear to have been stolen by hackers (USDC). Although the attack is still underway, estimates from independent analysts and security firms indicate that the value of the assets taken is currently in the high single-digit millions of dollars.

Supply chain attacks, like data breaches, entail a compound risk with a multiplicative effect on the tech industry and beyond. As you read this, while they spend the 5m they have stolen they will also be preparing to execute follow-up assaults that are more difficult to detect by striving to validate the data they have stolen from Solana with already-existing information on those that hold the wallets, making identity theft, business email compromise, and man-in-the-middle attacks all more likely to succeed in the coming months.

The more information an adversary has about their targets and the connected people in their ecosystem, the better they will be able to attack any of them.

Digital assets are destined to attract bad actors as they mature and lose their stigma to become a trustworthy category of financial assets. Their acts will be more incisive the greater the reward at the conclusion of their compromise attempt.

Supply chain security is therefore essential for fostering confidence and fostering the long-lasting credibility that digital assets merit.

To learn more about Nightingale and the wider Crossword cyber services that can help you mitigate supply chain attacks please drop me a line [email protected]