Solana hot wallets reportedly being drained to unknown address “Htp9MGP” – totaling over $6M Solana hot wallets reportedly being drained to unknown address “Htp9MGP” – totaling over $6M
Uncertainty is creating true fear, uncertainty, and doubt in real terms for wallet owners on the Solana blockchain at present.
2 min read
Updated: Aug. 4, 2022 at 8:36 am UTC
Cover art/illustration via CryptoSlate. Image includes combined content which may include AI-generated content.
Up to $6 million in crypto has been drained from Solana wallets within the last 10 minutes, according to CryptoSlate sources. Users are reporting that entire wallets have been drained of funds, with little currently known as to the source of the issue.
Massive exploit/drain going on with Solana seeing it live in Taiyo tons of people losing their whole balance out of no where.
Move everything to a ledger NOW.
Two wallets reported:
— Tom 《TYR》 (@SolportTom) August 2, 2022
Comments on just this post alone include many users claiming also to have had their wallets drained. No trend or source of the exploit has currently been identified.
Crypto trader Bilal Ahmed suggested to CryptoSlate that it may be related to an NFT mint by Rakkudo. Ahmed is aware of over 500 SOL being stolen from within his personal network of traders. Theorizing the cause of the event, Ahmed suggested,
“Rakkudo minted today, currently, it seems to be wallets linked to wallets that tried to mint. But it’s really odd as it’s also draining main wallets, not just burners.”
There has been no official statement from the Rakkudo team on its official Twitter account at this point.
Another Twitter user accused SolaLand of being responsible for the exploit resulting in the project posting the following tweet.
This is false information from a fake profile. It has only 20 followers, don't spread false infos. https://t.co/blRnB9bVS3 pic.twitter.com/QxyLTNqAFN
— SolaLand ▲ (@SolaLandHQ) August 2, 2022
Uncertainty is creating true fear, uncertainty, and doubt in real terms for wallet owners on the Solana blockchain at present.
Although the cause of the exploit is yet unknown, Oone wallet, in particular, has been mentioned throughout the reports. “Htp9MGP8Tig923ZFY7Qf2zzbMUmYneFRAhSp7vSg4wxV” currently has a balance of $6 million, with the majority being stablecoins. The wallet received hundreds of transactions from unique addresses at 23:22:57 PM +UTC on Tuesday, August 2.
Youness Kasmi, founder of Private Foxes, also identified 2 other wallets draining users’ funds.
Drainer wallets:
CEzN7mqP9xoxn2HdyW6fjEJ73t7qaX9Rp2zyS6hb3iEu
Htp9MGP8Tig923ZFY7Qf2zzbMUmYneFRAhSp7vSg4wxV
GeEccGJ9BEzVbVor1njkBCCiqXJbXVeDHaXDCrBDbmuy— Youness KASMI ($c1f3) (@kasmiyouness1) August 3, 2022
This is a developing story, and the article will be updated with further news.
UPDATE: Magic Eden is now also telling users to revoke permissions to dApps.
🚨🚨🚨There seems to be a widespread SOL exploit at play that's draining wallets throughout the ecosystem
Here's what you can do right now to best protect yourself
1. Go to >Settings on your @phantom wallet
2. >Trusted Apps
3. >Revoke Permissions for any suspicious links💜
— Magic Ethen 🪄 (@MagicEden) August 3, 2022
UPDATE August 3, 10 AM BST: Reports suggest the exploit is related to Phantom wallets as seemingly no hardware wallets have been affected at this point. The project tweeted that it is working with “other teams” but believes it is not a “Phantom-specific issue.”
We are working closely with other teams to get to the bottom of a reported vulnerability in the Solana ecosystem. At this time, the team does not believe this is a Phantom-specific issue.
As soon as we gather more information, we will issue an update.
— Phantom (@phantom) August 3, 2022
Foobar is now declaring that the issue may be related to the compromised private keys of the affected wallets. The assumption is founded on the fact that tokens such as USDC have been sent as direct transfers to another wallet instead of interacting with a smart contract that requires approvals. Token transfers are signed by the users themselves, thus pointing toward private keys being compromised.
🚨 Widespread Solana private key compromise 🚨
– attacker is stealing both native tokens (SOL) and SPL tokens (USDC)
– affecting wallets that have been inactive for >6 months
– both Phantom & Slope wallets reportedly drained pic.twitter.com/AkZXOGLD0Q— foobar (@0xfoobar) August 3, 2022
UPDATE August 3, 9.45 PM BST: Read our follow-up article here for further information.
Author 
Liam 'Akiba' Wright
Also known as "Akiba," Liam is a reporter, editor and podcast producer at CryptoSlate. He believes that decentralized technology has the potential to make widespread positive change.
Latest Solana Stories
Latest Press Releases
In this article
Solana is a high-performance blockchain platform that utilizes a unique consensus algorithm called “Proof of History” to achieve fast transaction speeds and low fees.
