Tough day for everyone on Solana today, but here's a breakdown of what we know:
1/ At approximately 22:37 UTC yesterday a hacker began a widespread exploit, the extent of which has so far affected $4M+ of assets from 9.2k+ unique wallets.
2/ During the initial phase, funds were extracted at an aggressive pace with hundreds of thousands of dollars being lost minute to minute (all sizes here are converted to USD).
At 23:19, as we thought things were subsiding, another enormous outflow occurred, in the order of $1-2M.
3/ I can't be certain if something changed in their strategy or whether they just happened to stumble across a number of large wallets (requires more digging).
As you can see at both peaks the average size of transactions is orders of magnitude higher, and predominantly in USDC.
4/ In terms of the rate of wallets being affected, there was a large outflow (SOL, USDC mostly) to begin with (note differing timescale here).
This dropped off after the first hour, but many smaller SOL and altcoin (not captured here) transfers continued for many hours post.
5/ Not too surprisingly, of the $4M+ that was stolen we can see that over 95% of that was USDC and SOL. There is definitely a longer tail of altcoins that have also been hit, but I'll leave that as an exercise to the reader.
6/ Over 9.2k wallets were affected, making it a much more widespread attack than others we've traditionally seen.
Some of the wallets hit hardest were drained of up to 250k worth of assets. Painful reminder to get into the habit of using cold wallets!
7/ So where did the funds go?
Four addresses highlighted here are the recipients of all these funds. But wait... a co-ordinated attack between multiple parties?
8/ Alas, that's not the case here. As @zachxbt correctly pointed out, all four wallets were funded from the same wallet (which is in turn funded from Binance) mere minutes before the hack kicked off.
My guess is that, given this appears to be a compromise of the private keys of individual wallets, he might be enumerating a bunch of them from a key dump in parallel.
A lot of the effort did seem to be surprisingly manual and brute-forced, however.
10/ So what's the root cause of this vulnerability then?
Well the jury still seems to be out. A few suggestions have been thrown around with regards to bugs in digital signature algorithms and vulnerable code library dependencies.
11/ What we do know, however, is that this has affected a large swathe of wallets, operating systems and devices. It doesn't appear to be unique to one wallet provider either.
13/ If you want to help profile the nature of the hack and give security researchers more data into what might be going on, note your incident down in the following form:
16/ If you want to dig around with the data I've pulled together above, I've made a public Dune dashboard with all the queries open sourced for the community.
17/ From what we're hearing it's becoming clear that all affected users were using Slope wallet, which has been shown to leak private key mnemonics which were almost certainly compromised. Phantom still TBD.
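The common-funder check from point 8, sketched as an added example (not code from the thread or its Dune dashboard): it flags addresses that collect from many wallets after the start time, then groups them by whichever wallet funded them shortly beforehand. All addresses, amounts and the date are constructed placeholders, and the 30-minute lookback and sender threshold are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample transfers (HH:MM, source, destination, usd). Addresses and
# the date are placeholders; only the 22:37 start time comes from the thread.
ATTACK_START = datetime(2000, 1, 1, 22, 37)
TRANSFERS = [
    ("22:29", "EXCHANGE_HOT", "FUNDER_X", 50.0),
    ("22:31", "FUNDER_X", "DRAIN_1", 1.0),
    ("22:32", "FUNDER_X", "DRAIN_2", 1.0),
    ("22:33", "FUNDER_X", "DRAIN_3", 1.0),
    ("22:34", "FUNDER_X", "DRAIN_4", 1.0),
    ("22:20", "FRIEND", "VICTIM_A", 20.0),    # ordinary payment before the start
    ("22:37", "VICTIM_A", "DRAIN_1", 900.0),
    ("22:38", "VICTIM_B", "DRAIN_1", 120.0),
    ("22:38", "VICTIM_C", "DRAIN_2", 4000.0),
    ("22:39", "VICTIM_D", "DRAIN_2", 75.0),
    ("22:40", "VICTIM_E", "DRAIN_3", 310.0),
    ("22:41", "VICTIM_F", "DRAIN_3", 55.0),
    ("22:41", "VICTIM_G", "DRAIN_4", 18.0),
    ("22:42", "VICTIM_H", "DRAIN_4", 2600.0),
    ("22:45", "VICTIM_B", "SHOP", 10.0),      # single sender: not a sink
]

def parse(rows):
    """Turn HH:MM strings into datetimes on the placeholder date."""
    for hhmm, src, dst, usd in rows:
        h, m = map(int, hhmm.split(":"))
        yield ATTACK_START.replace(hour=h, minute=m), src, dst, usd

def find_sinks(rows, min_senders=2):
    """Addresses receiving from >= min_senders distinct wallets after the start."""
    senders = defaultdict(set)
    for ts, src, dst, _ in parse(rows):
        if ts >= ATTACK_START:
            senders[dst].add(src)
    return {dst for dst, srcs in senders.items() if len(srcs) >= min_senders}

def cluster_by_funder(rows, lookback=timedelta(minutes=30)):
    """Group sinks by the wallet that first funded them inside the lookback window."""
    sinks, first_funder = find_sinks(rows), {}
    for ts, src, dst, _ in sorted(parse(rows)):
        if dst in sinks and ATTACK_START - lookback <= ts < ATTACK_START:
            first_funder.setdefault(dst, src)  # keep the earliest funder only
    clusters = defaultdict(set)
    for sink in sinks:
        clusters[first_funder.get(sink, "UNKNOWN")].add(sink)
    return dict(clusters)
```

A single cluster key covering every sink is the signal described in point 8; several keys, or `UNKNOWN`, would mean the funding trail needs tracing further back.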
I earned $1.4M in arbitrage profits on Solana in a single transaction. Here is how I did it.
A lot of people are messaging me about how to get started so I thought I would make a basic outline.
More detailed article to come so make sure to follow.
A thread 🧵
1. Programming fundamentals
It goes without saying that you need to have adept programming skills to make money doing MEV. I recommend starting with Scratch because of its extremely powerful visual programming model. Don't bother with outdated languages like Rust and C++ 👎
2. Learn arbitrage basics
Arbitrage is when the price differs between two different exchanges. The hidden secret of MEV is to buy low and sell high 🤯
On fast blockchains like Solana, the block times are faster which means more MEV 💰💰💰