An attacker appears to be draining SOL and SPL tokens in an apparent exploit on the Solana network.
Solana auditor OtterSec tweeted this evening that more than 5000 Solana wallets have been drained in the past few hours, corroborating numerous reports from people on Twitter claiming their balances have disappeared. OtterSec's analysis showed the transactions were signed by the owners, which the auditor said suggested a private key compromise. The exploit may also affect ETH users.
Wallets that have been inactive for more than six months appear to be those hardest hit, according to reports on Twitter. Users of Phantom and Slope wallets say they have lost funds.
"We are working closely with other teams to get to the bottom of a reported vulnerability in the Solana ecosystem," tweeted Phantom. "At this time, the team does not believe this is a Phantom-specific issue."
At time of publication, it is unclear where the exploit originated. Non-fungible token marketplace Magic Eden recommended users to revoke permissions for any suspicious links within Phantom wallets in a tweet to users. Gaming firm Star Atlas issued a community warning to users, saying a large scale exploit of Solana is in progress and advising users to revoke permissions for all apps in their wallets and move funds to cold storage.