Solana Users Suffer High-Dollar Hot Wallet Hack
SOL and USDC stolen from app wallets
Hold on… another hack? Yes, unfortunately cryptocurrencies are not always safe, especially those held in an online (hot) wallet. Private keys can be exposed if the right precautions are not set in place, both on the developer side and the investor side alike.
The stunt began on Tuesday night when an unidentified hacker, or group of hackers, found and retrieved millions of dollars in crypto assets from various accounts. According to NFT gaming wallet, Kiyomi, over $7 million was taken from wallet accounts and transferred to the hacker’s wallet.
Both SOL and USDC were involved in this incident, causing over 7,700 wallets to become delicious prey for the unruly predator.
Who or what is Solana?
Solana is either a famous pop star, or the name of one of the world's fastest, most scalable blockchains. The answer is found in the latter option, as various development teams around the globe build upon the advanced technology stack creating NFTs, DeFi apps, and a whole lot more. Transactions on Solana cost very little, usually less than $0.001, making it a cost-effective solution for blockchain developers.
Many supporters of the Solana ecosystem view Solana as the blockchain that will surpass Ethereum in terms of development and real-world use-cases. The Solana Foundation is working to release a cell phone soon called Saga that will incorporate a built-in wallet and dApp store.
Hard wallets are unaffected
Hard wallets, or wallets kept offline, have not been hit by this phenomenon. Sadly, when this many hot wallets are affected by one hack, there could be a weak spot somewhere within application infrastructure that bad actors can take advantage of. @solportTom on Twitter is telling everyone to quickly move their funds over to a hard wallet (Ledger, Trezor, etc.) so that other tokens remain safe. @solanastatus recommends users not to recycle their hot wallet seed phrase when creating a hard wallet account, as the hacked wallets need to be entirely discarded.
Massive exploit/drain going on with Solana seeing it live in Taiyo tons of people losing their whole balance out of no where.
— Tom 《TYR》 (@SolportTom) August 2, 2022
Move everything to a ledger NOW.
Two wallets reported:
#1 https://t.co/wfzoemsyzN
#2: https://t.co/MrScbi9hf1
Phantom and Slope, two popular crypto wallet browser extensions within the Solana ecosystem, have been heavily impacted by this disruption. Investigators are currently working to discover any additional apps or wallets; besides the ones they know of, that have been hit by this severe Web3 incident.
Typically, hackers will try to steal as many assets as they can during an attack, in whatever way they can, without getting caught. The odds of users getting their crypto returned to them is slim to none, as the perpetrator remains unidentified. Even if authorities did find out who did it, the hacker could simply hide underground or store the funds away in a cold wallet under their mattress.
An exploit allowed a malicious actor to drain funds from a number of wallets on Solana. As of 5am UTC approximately 7,767 wallets have been affected.
— Solana Status (@SolanaStatus) August 3, 2022
The exploit has affected several wallets, including Slope and Phantom. This appears to have affected both mobile and extension.
Did the Solana blockchain get hacked?
Whenever news breaks regarding a crypto hack, people tend to immediately look to the blockchain network itself as the root cause of the issue. Even though the Solana blockchain has had its fair share of issues, including multiple hours of downtime, the blockchain has not been hacked. Blockchain technology is extremely tamperproof, while occasional apps and services built on top of the blockchain can become susceptible to infiltration.
For an entire blockchain to be taken over, a person would either need to be the majority token holder (in a proof of stake consensus model) or obtain more than 51% of the computing power (in a proof of work consensus model). Even if a hacker managed to hack into a blockchain, it would not be in their best interest because the coins they are stealing could end up losing their dollar value if the chain ends up failing.
Why are Solana users suffering?
Investors who use apps built for the Solana ecosystem, are the very users suffering because of the recent attack. Let’s say for example that $7 million was the exact number of funds stolen from precisely 7,700 Solana wallets. If the money was spread evenly between all accounts, each account would hold approximately $909.
Solana users are having a hard time because they lost their hard-earned money that was invested into either SOL or USDC, that has now simply vanished into thin air. On the flip side, the positive aspect behind this is that these users may now take further precautions when storing their funds. Perhaps they will turn to hard wallets for most of their holdings, while only small amounts get held in hot wallets.
Wrapping Up
Digital currencies are still in their nascent state as developers, investors, companies, and innovators around the globe work to bring Web 3.0 to life. Along the way, there will be bumps in the road, and there will always be bad actors out there who want to steal and destroy.
Understanding the risks of the cryptocurrency market is essential for long-term success in the space. That is one of the reasons that the team at Cindicator created Stoic AI, a trading app that does not hold onto funds, but only executes trades on customer’s behalf. The app does not have the ability to withdraw, and users have complete control of their money.
Take care and as always… Keep your fingers on the Pulse!
Related articles
The Metaverse: What is it and Why Does it Matter?
Crypto Gaming Explained: Why Play Crypto Games?
Disclaimer
Information in the article does not, nor does it purport to, constitute any form of professional investment advice, recommendation, or independent analysis.