One of the strangest hacks in the crypto world occurred yesterday: the Solana hack. Over $6,000,000 in Solana and USDC was stolen from over 8,000 Solana wallets. The hacker exploited private keys to steal user funds, making it one of the most puzzling thefts in the crypto sector to date.
The reason for the attack and the degree of the damage are still being investigated; however, on Wednesday afternoon, the “Solana Status” Twitter account disclosed that the vulnerability appears to be connected to Slope wallets, a particular kind of bitcoin wallet platform created for Solana. According to the account, this was not a compromise of the Solana blockchain; rather, private key (or password) information for such wallets “was accidentally provided to an application monitoring provider” at some time.
Phantom posted a tweet late on Wednesday afternoon stating that it believes the exploits are the result of “complications related to importing accounts to and from Slope” and that it is “still actively working to identify whether there may have been other vulnerabilities that contributed to this incident.”
Slope acknowledged that “a cohort of Slope wallets were compromised in the breach” in a statement but hasn’t disclosed the reason. “We have some hypotheses as to the nature of the breach, but nothing is yet firm… We are actively conducting internal investigations and audits, working with top external security and audit groups,” Slope wrote.
Here’s How The Solana Hack Happened
It all began when several people on Solana detected odd fund withdrawals from Phantom wallets. As a result, several news stories of individuals mass-transferring money from their wallets surfaced on social media. Phantom addressed this in a statement, saying that it wasn’t a “Phantom-specific issue.”
Developer and auditor 0xfoobar discovered the theft of Solana and USDC from Slope and Phantom wallets a short while afterward.
El33th4xor, a co-founder of VAX, immediately said that the attacker was able to transfer the funds because they had access to private keys. There are two conceivable explanations in theory. One possibility is that the hackers executed a “supply chain attack”: to do this, they would have to break into the JS library and grab the private keys. The alternative would be a browser vulnerability. However, this appears implausible, given that several Internet systems would need to be impacted, and in this hack only Solana was affected. Emin Gün Sirer also noted that coins on centralized exchanges and hardware wallets are not in danger.
Unreasonable Solana RPC Node Failures
Additionally, the situation worsened when specific RPC nodes began going offline. This suggested that the Solana network was down, which added to the heated tone on Twitter.
A purported counter-attack on the hacker is said to be the cause. The argument is that, to slow down the hack, the developers must have launched many DDoS attacks against the nodes. The precise reason for the failure is still unknown, though it is concerning.
Cryptocurrency Hacks Are Increasing; How Can You Protect Yourself?
The Solana exploit is no longer an exceptional circumstance. Yesterday saw the fourth-largest breach in cryptocurrency history. More than $190 million was taken from the Nomad Bridge due to an upgrade issue. As a result, hackers are increasingly targeting the cryptocurrency business.
The fact that hardware wallets are almost immune to hacks is awe-inspiring. That is why the phrase “Not your keys, not your coins” became popular in the cryptosphere. Therefore, you should consider using a hardware wallet if you want to be completely safe and shield your money from hacker attacks or bankruptcy. Only those who store their funds secretly will have a reasonable likelihood of avoiding such occurrences.