Someone just made off with roughly $14.2 million in SOL tokens from a wallet connected to Solana’s genesis distribution. The attacker, or attackers, executed a methodical sequence: unstake the tokens, then bridge them over to Ethereum, effectively moving the funds off the Solana chain entirely.
What happened
The irregular activity involved a series of unstaking transactions followed by cross-chain transfers. Someone gained access to a wallet holding staked SOL, pulled the tokens out of staking, and then used a bridge protocol to shuttle the assets over to Ethereum.
The specific bridge protocol used in this case hasn’t been publicly identified. Neither has the exact wallet address, the method of compromise, or the identity of whoever was behind it. What is known is that the loss totals approximately $14.2 million, and the wallet had direct ties to Solana’s genesis distribution.
Genesis distribution refers to Solana’s initial non-circulating token allocations. These were tokens set aside at the network’s launch for early backers, the Solana Foundation, ecosystem development, and other foundational purposes.
The attack vector remains unclear
Nobody has confirmed exactly how the attacker gained access. The three most likely scenarios are private-key compromise, a phishing attack, or exploitation of a smart-contract vulnerability. The pattern of unstaking followed by bridging is consistent with private-key theft. An attacker who controls the keys can do whatever the legitimate owner could do, including unstaking and moving funds freely.
This isn’t the first time Solana-linked wallets have been hit with this exact playbook. Previous incidents in the ecosystem have followed remarkably similar sequences, suggesting that attackers have identified this as an efficient method for extracting and laundering stolen SOL.
What this means for investors
So far, there’s no indication that this incident has triggered a broader sell-off in SOL or meaningfully impacted market prices. There is no evidence of a wider attack campaign targeting multiple genesis wallets or any vulnerability in the Solana protocol itself.
If the attacker attempts to liquidate through centralized exchanges, there’s a chance some portion could be frozen or recovered. If they route through mixers or decentralized protocols, recovery becomes exponentially harder.
Disclosure: This article was edited by Editorial Team. For more information on how we create and review content, see our Editorial Policy.

1 hour ago
23









English (US) ·