8k wallets hacked, $5.2M drained: Everything you need to know about the Solana wallet security breach

By Syntax, published in Lumos Labs
5 min read · Aug 11, 2022

The news of Solana’s wallets getting hacked has taken over the internet since 2 Aug 2022. There have been several searches on the internet about the Solana news: is Solana’s infrastructure faulty, causing the loss of millions of dollars? Let’s look into every aspect of the news and understand what led to the hack.

Source: BusinessInsider.in

The Solana wallets hack facts-flash

News spread like wildfire through the Web3 community that thousands of Solana software wallets were being drained of SOL and other Solana-based tokens. The breach, which is still active, initially appeared to come from the Phantom wallet on the Solana browser and was thought to have compromised user keys. It may have involved seed phrases that were reused by several wallets on various chains. The attack was not limited to Solana: USDC balances were drained as well. Many tweets also stated that iOS wallets succumbed and were more vulnerable to supply chain attacks.

The root cause of the breach was traced to the Slope mobile wallet, so it is important to note that it had nothing to do with the Solana network.

Private keys are stored in application and device wallets. Software applications and devices can be hacked, which supports the statement that hackers can access them easily. The Solana hack involved compromised private keys that were created, imported, or used in the Slope mobile wallet, which is why some users who had Phantom wallets were also impacted. A hacker was able to sign transactions on behalf of the owners, possibly as the result of an attack on the supply chain of trusted third-party services. The most recent attack has targeted popular internet-connected wallets including Phantom, Slope, and TrustWallet. The devs of Solana stated it was a security glitch in the Slope wallet that led to millions of dollars in heists.

Slope responsible for million dollars heist

Does Solana hold the same market statistics?

Solana picked up steam in the competition because of its superfast, low-cost transactions. Solana being deemed cheaper and faster than Ethereum made it a breeding ground for NFT projects. The price of Solana’s native cryptocurrency SOL tripled in value in 2021.

The recent hack drained funds from approx. 8000 wallets on the network, and the loss estimate has risen to more than 8 million dollars.

Analytics of past years considered Solana to be the most secure decentralized network, but the recent hacks could lead the network to drop out of the top ten. Solana plunged about 10 per cent to the $38.25 level just a day after the wallets were hacked.

Solana price analytics

The good news here is many whales and large-cap investors are supporting the token due to its long history of high-value status in the top crypto list by price and market cap.

Solana — saved by white hat hackers

The Solana ecosystem was hit by the hack, which drained millions' worth of crypto from 14,000 user wallets. It has been coined the ‘act of hackers’. Many sources claim it is an act of white hat hackers, and a few of them call it grey hat hacking.

A supply chain attack occurs when hackers maliciously incorporate their code into the software to hack the system. An iOS supply chain attack involves malicious hackers obtaining access to online wallets to access private keys. Some devs tweeted that Slope had the confidential data in plain text, which stood as a major breach of user-funds security.

Source: TokenInsight, decrypt news

Several white/grey hat hackers used the developer’s script to spam the user wallets, which was very similar to a distributed denial-of-service (DDoS) attack. As per SolBlaze, approx. 5–10 users were involved in the spamming process. This caused the RPC servers to crash and made it tedious for users to access the Solana network. The RPC servers were fixed and came back online. This was a well-intentioned attempt by the white-hat hackers to spam the malicious hacker’s address with malformed transactions.

White hat hackers DoSed user wallets to pause ongoing attacks

Technically, white hat hackers are ethical security hackers who use their hacking skills to identify security vulnerabilities in networks or software. Grey hat hackers, by contrast, are computer hackers with a blend of both black and white hat activities. They might violate the rules but never hold malicious intent.

Do you think the Solana hack news is justified to be called an act of white or grey hat hackers? Well yes, basically the malicious hackers were stopped from doing further damage by the white/grey hat hackers.

Possible solutions to counter the ongoing breach

During the attack, a few devs and investors proposed possible solutions: revoke all permissions in the Phantom wallet and other hot wallets, and move funds to a hardware wallet. Many suggestions floated around in Twitter posts to help users affected by the wallet hack. The most recent attack has revived the long-running debate over the security of hot wallets, which are always online and give users a simple way to transmit, store, and receive cryptocurrency. Cold wallets, USB drives that must be plugged into a computer to sign transactions, are called a more secure, albeit less convenient, alternative.

Way forward to keep your funds safe

Where does this leave us?

Hmmm… 🤔

Decentralization ensures that the blockchain is not governed by anyone and is distributed across a systematic digital network so that no one can intervene in a transaction. But this wallet hack unleashed a tsunami of thud over the blockchain ecosystem. Where does this leave the technology's evolution? The big question is whether Solana could be the future of blockchains or the unrevealed history.
