Tough day for everyone on Solana today, but here's a breakdown of what we know:

1/ At approximately 22:37 UTC yesterday a hacker began a widespread exploit, the extent of which has so far affected $4M+ of assets from 9.2k+ unique wallets.
2/ During the initial phase, funds were extracted at an aggressive pace with hundreds of thousands of dollars being lost minute to minute (all sizes here are converted to USD).

At 23:19 as we thought things were subsiding, another enormous outflow occurs in the order of $1-2M.
3/ I can't be certain if something changed in their strategy or whether they just happened to stumble across a number of large wallets (requires more digging).

As you can see at both peaks the average size of transactions is orders of magnitude higher, and predominantly in USDC.
4/ In terms of the rate of wallets being affected, there was a large outflow (SOL, USDC mostly) to begin with (note differing timescale here).

This dropped off after the first hour, but many smaller SOL and altcoin (not captured here) transfers continued for many hours post.
5/ Not too surprisingly, of the $4M+ that was stolen we can see that over 95% of that was USDC and SOL. There is definitely a longer tail of altcoins that have also been hit, but I'll leave that as an exercise to the reader.
6/ Over 9.2k wallets were affected, making it a much more widespread attack than others we've traditionally seen.

Some of the wallets hit biggest getting drained of up to 250k worth of assets. Painful reminder to get into the habit of using cold wallets!
7/ So where did the funds go?

Four addresses highlighted here are the recipients of all these funds. But wait... a co-ordinated attack between multiple parties?
8/ Alas, that's not the case here. As @zachxbt correctly pointed out, all four wallets were funded from the same wallet (which is in turn funded from Binance) mere minutes before the hack kicked off.

9/ What could be the reason?

My guess is given this appears to be a compromise on the private keys of individual wallets, he might be enumerating a bunch of them from a key dump in parallel.

A lot of the effort did seem to be surprisingly manual and brute forced however.
10/ So what's the root cause of this vulnerability then?

Well the jury still seems to be out. A few suggestions have been thrown around with regards to bugs in digital signature algorithms and vulnerable code library dependencies.

11/ What we do know, however, is that this has affected a large swathe of wallets, operating systems and devices. It doesn't appear to be unique to one wallet provider either.

12/ A lot of reports point to mobile wallet seed creation, and it has been shown to have affected both iOS and Android devices alike.

13/ If you want to help profile the nature of the hack and give security researchers more data into what might be going on, note your incident down in the following form:

15/ Keep up with the latest investigation from the champions here: @aeyakovenko @zachxbt @0xfoobar @officer_cia @samcz
16/ If you want to dig around with the data I've pulled together above, I've made a public Dune dashboard with all the queries open sourced for the community.…
@zachxbt @binance possible lead to investigate further?

Funding tx here:…
17/ From what we're hearing it's becoming clear that all affected users were using Slope wallet, which has been shown to leak private key mnemonics which were almost certainly compromised. Phantom still TBD.

Similar story here:
19/ Mnemonics available in plaintext from the slope API, absolutely cavalier security for a wallet...

• • •

Missing some Tweet in this thread? You can try to force a refresh

Keep Current with Tristan ζ (in Seoul 🇰🇷)

Tristan ζ (in Seoul 🇰🇷) Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!


Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @Tristan0x

May 28
I earned $1.4M in arbitrage profits on Solana in a single transaction. Here is how I did it.

A lot of people are messaging me about how to get started so I thought I would make a basic outline.

More detailed article to come so make sure to follow.

A thread 🧵
1. Programming fundamentals

It goes without saying that you need to have adept programming skills to make money doing MEV. I recommend starting with Scratch because of its extremely powerful visual programming model. Don't bother with outdated languages like Rust and C++ 👎
2. Learn arbitrage basics

Arbitrage is when the price differs between two different exchanges. The hidden secret of MEV is to buy low and sell high 🤯

On fast blockchains like Solana, the block times are faster which means more MEV 💰💰💰
Read 7 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!


0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy


3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us on Twitter!