
All You Need to Know About the Solana Hack 2022!

One of the strangest hacks in the crypto world, the Solana hack, occurred yesterday. Over $6,000,000 in Solana and USDC was stolen from over 8,000 Solana wallets. The attacker used private keys to steal user funds, making it one of the most puzzling thefts in the crypto sector to date.

The cause of the attack and the extent of the damage are still being investigated; however, on Wednesday afternoon, the “Solana Status” Twitter account disclosed that the vulnerability appears to be connected to Slope wallets, a crypto wallet platform created for Solana. Rather than a compromise of the Solana blockchain itself, private key (or password) information for such wallets “was accidentally provided to an application monitoring provider” at some point.

Phantom posted a tweet late on Wednesday afternoon stating that it believes the exploits are the result of “complications related to importing accounts to and from Slope” and that it is “still actively working to identify whether there may have been other vulnerabilities that contributed to this incident.”

Slope acknowledged that “a cohort of Slope wallets were compromised in the breach” in a statement but hasn’t disclosed the reason. “We have some hypotheses as to the nature of the breach, but nothing is yet firm… We are actively conducting internal investigations and audits, working with top external security and audit groups,” Slope wrote.

 

Here’s How The Solana Hack Happened

It all began when several people on Solana detected odd fund withdrawals from Phantom wallets. Soon afterward, reports of funds being mass-transferred out of users' wallets surfaced on social media. Phantom addressed this in a statement, saying that it wasn’t a “Phantom-specific issue.”

Developer and auditor 0xfoobar discovered the theft of Solana and USDC from Slope and Phantom wallets a short while afterward.

El33th4xor, a co-founder of AVAX, immediately said that the attacker was able to transfer the funds because they had access to private keys. In theory, there are two conceivable explanations. One is a “supply chain attack”: the attackers would have to compromise a JS library and capture the private keys through it. The other is a browser vulnerability. However, that appears implausible, since several Internet systems would then have been impacted, and in this hack Solana was the only one affected. Emin Gün Sirer also said that coins on centralized exchanges and hardware wallets are not in danger.

 

Unreasonable Solana RPC Node Failures

Additionally, the situation worsened when specific RPC nodes began going offline. This suggested that the Solana network was down, which increased the heated tone on Twitter.

A purported counter-attack on the hacker is said to be the cause. The theory is that, to slow down the hack, the developers must have launched DDoS attacks against the nodes. The precise reason for the failure is still unknown, though it is concerning.

 

Cryptocurrency Hacks Are Increasing; How Can You Protect Yourself?

The Solana exploit is no longer an exceptional circumstance. Yesterday saw the fourth-largest breach in cryptocurrency history. More than $190 million was taken from the Nomad Bridge due to an upgrade issue. Hackers are increasingly targeting the cryptocurrency industry.

It is notable that hardware wallets are almost immune to hacks. That is why the phrase “Not your keys, not your coins” became popular in the cryptosphere. You should therefore consider using a hardware wallet if you want to be completely safe and shield your money from hacker attacks or bankruptcy. Only those who store their funds privately will have a reasonable likelihood of avoiding such occurrences.


What Is Proof of History (PoH)?

Proof of History (PoH), developed by Solana, is a way of embedding time into the blockchain to reduce the strain on network nodes while processing blocks. In a classic blockchain, reaching an agreement on when a block was mined is just as crucial as reaching an agreement on the transactions in that block. Timestamping is essential because it tells the network that transactions happened in a specified sequence.

 

In a Proof of Work (PoW) scenario, the successful block miner is the first to find the right nonce, which requires a certain amount of computing power. Proof of History (PoH) uses Verifiable Delay Functions (VDFs). A VDF can only be solved by one CPU core following a particular procedure. Because parallel processing is not possible, it is easy to estimate the time required for each step.

 

Proof of History (PoH) eliminates the time barrier by decreasing the processing weight, making the blockchain faster and more efficient. In Solana, Proof of History (PoH) is combined with Tower BFT, a security technique that enables users to stake tokens to determine whether a Proof of History (PoH) hash is genuine.

 

Benefits

Low Transaction Prices:

Solana has lower transaction fees than competing networks like Ethereum. As a result, Solana is an ideal solution for frequent purchases and money transfers.

 

Scalability: 

The Solana network provides rapid transaction processing. As a result, the network as a whole becomes more scalable.

 

Drawbacks

To verify the legitimacy of transactions on its network, Solana currently makes use of fewer than 1,200 validators.

 

Solana is frequently described as an Ethereum killer; however, the network has fewer dApps in comparison. Solana has around 350 dApps, but Ethereum has nearly 3,000 dApps.

 

Proof of Stake (PoS) vs. Proof of History (PoH)

The concepts of Proof of Stake and Proof of History are very similar. This is because Proof of History grew out of Proof of Stake. Both algorithms are based on the same principles. Both methods employ validators to ensure that transactions are verified and new blocks are produced.

 

However, there is a considerable difference in how time is estimated between these two techniques. Proof of Stake uses the timestamp function. This implies that each node is dependent on the network’s timestamp. Because time must first pass through the network, the network will run slower.

 

This isn’t necessary with Proof of History since it uses the Verifiable Delay Function, which estimates time based on historical events. From these events a hash is produced that anybody can verify. This hash is added to every block produced by the network. Since calculating time requires so little work, the Solana blockchain is already highly scalable.

 

Issues with Proof of History (PoH)

PoH is a consensus process similar to Proof of Stake, but it uses a different time calculation algorithm. Here, historical events determine the passage of time. These events are combined to build a hash that only the preceding events can create. In no way can the hash be fabricated.
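The hash chaining described here and in the comparison with Proof of Stake above can be shown with a short sketch. This is an added example, not Solana's code: it uses SHA-256 as the sequential function, and the function names, seed and events are constructed for illustration.

```python
import hashlib
from typing import Optional

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def advance(state: bytes, num_hashes: int, event: Optional[bytes]) -> bytes:
    """Run num_hashes sequential hashes, then mix in the event (if any)."""
    for _ in range(num_hashes):
        state = sha256(state)              # each step needs the previous output
    if event is not None:
        state = sha256(state + sha256(event))
    return state

def build(seed: bytes, schedule):
    """schedule: [(num_hashes, event_or_None), ...] -> [(num_hashes, event, hash), ...]"""
    entries, state = [], seed
    for num_hashes, event in schedule:
        state = advance(state, num_hashes, event)
        entries.append((num_hashes, event, state))
    return entries

def first_invalid(seed: bytes, entries):
    """Index of the first entry that does not follow from its predecessor, else None.
    Each entry is checked only against the previous entry's published hash,
    so a verifier can check all entries independently of one another."""
    starts = [seed] + [h for _, _, h in entries[:-1]]
    for i, (start, (num_hashes, event, claimed)) in enumerate(zip(starts, entries)):
        if advance(start, num_hashes, event) != claimed:
            return i
    return None

if __name__ == "__main__":
    seed = sha256(b"constructed genesis seed")
    ledger = build(seed, [(1000, b"tx: A pays B"), (500, None), (1200, b"tx: B pays C")])
    print("honest ledger:", first_invalid(seed, ledger))
    forged = ledger[:2] + [(1200, b"tx: B pays M", ledger[2][2])]
    print("event replaced in entry 2:", first_invalid(seed, forged))
    print("entries reordered:", first_invalid(seed, ledger[::-1]))
```

Producing the chain is strictly sequential, while checking it is not: that asymmetry is what lets other nodes confirm the recorded order cheaply.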

 

Solana is the first blockchain to use the PoH algorithm. As a result, the blockchain is highly scalable, with the ability to execute up to 60,000 transactions every second. PoH ensures that identifying the timestamp of a transaction requires as little time as possible.

 

Proof of History, on the other hand, is riddled with problems. For example, because this strategy has never been tested on a large scale, we wouldn’t know if it works properly. Furthermore, several weaknesses and attacks in Solana have already been uncovered, some partially triggered by PoH. As a result, we are unsure if PoH is a secure consensus mechanism.


Learn Basic Operation of Solana-CLI

If 2020 is considered the year of Ethereum DeFi, then 2022 is the year of the Solana ecosystem. The official website for Solana states that 400 projects have just been launched there. This is undoubtedly a challenging feat for a blockchain that launched its mainnet only in April 2020. This article will first cover some fundamental Solana-CLI procedures, such as how to make a wallet and transfer tokens.

Setup

Examples used in this piece were run on Ubuntu 20.04.

The CLI tools for Solana must first be downloaded from the company’s main website. You may download it by using the command below:

$ sh -c "$(curl -sSfL https://release.solana.com/v1.8.0/install)"

Restart your computer when the download is finished, and then verify that it was installed correctly:

$ solana --version

solana-cli 1.8.0 (src:4a8ff62a; feat:1813598585)

Then, we must download Rust, the primary language Solana uses:

$ curl https://sh.rustup.rs -sSf | sh

$ source $HOME/.cargo/env

$ rustup component add rustfmt

Like other blockchains, Solana requires a wallet for storing, sending, and doing other operations with your tokens.

If you are unfamiliar with blockchain technology, a wallet is a set of public and private keys. The public key may be compared to your account number. For instance, if your friend wants to send you some tokens, he must choose your public key as the recipient. The private key may be thought of as your account’s signature, which is used to verify that the transfer information was transmitted from and was authorized by your account. As a result, your private key must be stored securely. If it is lost, you won’t be able to spend any of your money; if it is leaked, anybody can move your funds at any time.

According to the company’s documentation, Solana Wallet may be set up in three modes: Paper Wallet, Hardware Wallet, and File System Wallet. The major focus of this article is on explaining how to establish a File System Wallet and utilize it for various tasks.

You can establish a new wallet account by following these steps if you need to:

$ solana-keygen new

The above command will produce a pair of public and private keys and store them in the following predefined location:

/root/.config/solana/id.json

Additionally, you may choose where to store the freshly generated public and private keys:

$ mkdir solana

$ solana-keygen new --outfile /root/solana/my_wallet.json

After that, you must confirm that you are the wallet’s private key owner to the Solana network. You must first get this wallet’s public key:

$ solana-keygen pubkey ~/solana/my_wallet.json

FEBxPgsTXTdWkifpiGUSjfzS7ztBFJKPnaHT8A7iUdFc

After that, pair the wallet file with this public key:

$ solana-keygen verify FEBxPgsTXTdWkifpiGUSjfzS7ztBFJKPnaHT8A7iUdFc /root/solana/my_wallet.json
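Because the wallet file holds the private key in clear text, it is worth checking the file itself before using it. The following is an added example, not part of the Solana tooling: it relies on the keypair file being a JSON array of 64 byte values whose last 32 bytes are the public key, and the function names and sample bytes are constructed for illustration.

```python
import json
import os
import stat
import tempfile

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def b58encode(data: bytes) -> str:
    """Base58 encoding as used for Solana addresses."""
    n, out = int.from_bytes(data, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    pad = len(data) - len(data.lstrip(b"\0"))   # leading zero bytes become '1'
    return "1" * pad + out

def audit_keypair(path: str) -> dict:
    """Check permissions and format of a file system wallet; never prints the secret half."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        findings.append(f"mode {mode:o} lets group/others access the private key; chmod 600")
    try:
        with open(path) as fh:
            data = json.load(fh)
    except ValueError:
        data = None
    valid = (isinstance(data, list) and len(data) == 64
             and all(type(b) is int and 0 <= b <= 255 for b in data))
    if not valid:
        findings.append("not a JSON array of 64 byte values")
        return {"address": None, "findings": findings}
    # Last 32 bytes are the public key; compare with `solana-keygen pubkey` output.
    return {"address": b58encode(bytes(data[32:])), "findings": findings}

if __name__ == "__main__":
    # Constructed sample (not a real wallet): 32 dummy secret bytes + 32 zero bytes.
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "my_wallet.json")
        with open(path, "w") as fh:
            json.dump(list(range(32)) + [0] * 32, fh)
        os.chmod(path, 0o644)
        print(audit_keypair(path))   # flags the world-readable mode
        os.chmod(path, 0o600)
        print(audit_keypair(path))   # no findings
```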

To examine the current configuration, we may use the command:

$ solana config get

Config File: /root/.config/solana/cli/config.yml

RPC URL: http://api.devnet.solana.com

WebSocket URL: ws://api.devnet.solana.com/ (computed)

Keypair Path: /root/.config/solana/id.json

Commitment: confirmed

Let’s now go over the setup information mentioned above:

Config File: The configuration file’s location;

RPC URL: The URL of the Cluster to which you are currently connected. In Solana, a network is referred to as a Cluster. You can connect to several Clusters in Solana, including Testnet, Mainnet-Beta, and Mainnet. You can also quickly build your own Solana Cluster on your localhost. The setting above displays Solana’s Testnet at http://api.devnet.solana.com;

WebSocket URL: The WebSocket URL of the Solana Cluster that you are connected to. It is produced automatically from the RPC URL;

Keypair Path: The location of the active wallet’s keypair file.

The keypair path shown is still the Solana CLI’s default location, so we must change it to /root/solana/my_wallet.json:

$ solana config set --keypair /root/solana/my_wallet.json

This command can be used to switch between wallets on the same workstation.

As previously noted, Solana offers a variety of Clusters. In this article, Testnet will be used for all activities. The Mainnet and Testnet configurations are very similar. The main distinction is that on the testnet, all tokens and transactions are fake. Therefore, anyone may freely experiment with anything on the Testnet.

The Solana CLI’s default setup should point to Testnet after it has been downloaded. If not, you may set it using the command below:

$ solana config set --url https://api.devnet.solana.com

Additionally, you may get Sol coins via Airdrop on the Testnet. You may get 2 Sol coins by following these steps after finishing the above configuration:

$ solana airdrop 2

Let’s now create a new wallet with the name my_wallet2.json. The directions remain the same as before:

$ solana-keygen new --outfile /root/solana/my_wallet2.json

Now extract its public key:

$ solana-keygen pubkey ~/solana/my_wallet2.json

Ec2x4xwfxgLuZBwvuv1HmhFgujWNJ16Lkf92Zu81hv56

And verify your wallet:

$ solana-keygen verify Ec2x4xwfxgLuZBwvuv1HmhFgujWNJ16Lkf92Zu81hv56 /root/solana/my_wallet2.json

Solana’s Testnet now has two wallets, stored in the files /root/solana/my_wallet.json and /root/solana/my_wallet2.json, respectively. I received two Sols through airdrop in my wallet, located at /root/solana/my_wallet.json. Let’s try sending one of these to the /root/solana/my_wallet2.json wallet now.

To check the setup right now, use the following command first:

$ solana config get

Config File: /root/.config/solana/cli/config.yml

RPC URL: http://api.devnet.solana.com

WebSocket URL: ws://api.devnet.solana.com/ (computed)

Keypair Path: /root/solana/my_wallet.json

Commitment: confirmed

As shown above, our wallet is located at /root/solana/my_wallet.json. Then, to send 1 Sol, we enter the public key of the receiving account:

$ solana transfer Ec2x4xwfxgLuZBwvuv1HmhFgujWNJ16Lkf92Zu81hv56 1

Error: The recipient address (Ec2x4xwfxgLuZBwvuv1HmhFgujWNJ16Lkf92Zu81hv56) is not funded. Add `--allow-unfunded-recipient` to complete the transfer

The initial transfer fails with an error. The cause is that the receiving account has no balance; hence the command should be altered to:

$ solana transfer Ec2x4xwfxgLuZBwvuv1HmhFgujWNJ16Lkf92Zu81hv56 1 --allow-unfunded-recipient

After success, execute the following command to check the recipient account’s balance:

$ solana balance Ec2x4xwfxgLuZBwvuv1HmhFgujWNJ16Lkf92Zu81hv56

1 SOL

We can also check the balance of the original account:

$ solana balance FEBxPgsTXTdWkifpiGUSjfzS7ztBFJKPnaHT8A7iUdFc

0.9985234 SOL

After transferring 1 Sol from your first account, the remaining amount will be 0.9985234 Sol rather than 1 Sol. As on other blockchains, each Solana transaction requires a payment to the network’s Validator. The missing amount is the transaction’s processing charge.