Solana’s hack is one of the major events that happened this week. These are my additional comments.
According to a tweet on Solana account. “There is no evidence the Solana protocol or its cryptography was compromised.” I think we should not take this lightly. I would expect a full postmortem later this week to address to the attack.
The addresses that were affected by the attack were at one point created, imported or used in the Slope mobile applications. Private key information was also accidentally sent to an application monitoring service. I think a decentralized network should stay independent and operate purely by codes. This can help to reduce similar problems.
Whether it is a bridge exploit or supply chain attack, the root problem is still uncertain. I would suggest users to create a new wallet, move their funds over to the new wallet and delete the old ones. Users for the time being can also consider moving their funds to the more reputable centralized exchanges or hardware wallets too. Keeping assets secure amid the uncertain situation is the best way for now.
I think the rest on the network should check on their codes and increase their security to prevent any other possible exploits that could happen. Never be too sure and let your guard down.
Decrypting the Solana Wallet attack and how investors can safeguard their crypto holdings
With reports indicating around 8,000 ‘hot’ wallets were compromised in the attack, experts advise investors to switch to hardware wallets for better security.
Close on the heels of cross-chain messaging platform Nomad being the target of a $200-million crypto heist, investors using ‘hot’ or internet-connected crypto wallets on the popular blockchain Solana were under attack from an unknown bad actor.
Over $8 million stolen from 8,000 investors
Create new wallets, delete old ones
“While it is my opinion that a decentralised network should stay independent and operate purely by codes, I think the team at Solana should re-check all their partner systems and increase their security to prevent any other possible exploits. Investors ought to remain vigilant and take necessary precautions at their end,” he said.
“I would suggest users create a new wallet, move their funds over to the new wallet and delete the old ones. They can also consider moving their funds to the more reputable centralised exchanges or hardware wallets too. Keeping assets secure amid the uncertain situation is the best way for now,” he added.
Preliminary investigations have revealed that this exploit was limited to just the Slope wallet on the Solana ecosystem, while hardware wallets used by Slope remained unscathed.
According to Solana, affected wallet addresses were at one point created, imported or used in Slope mobile wallet applications, and their private key information was transmitted to an application monitoring service.
Do not store private keys on computers
Commenting on the Solana network and the underlying sentiment, Lin, a senior analyst at Block Review, said according to his statistics, there were 10.5 percent negative sentiments for Solana in the last seven days, while Ethereum had around 6.2 percent and anything below 15 percent is still okay in his opinion.
“Coming back to the private keys that were compromised, I think any of this information should never be on any computer at any given time. This part should be taken care of and well audited by the wallet providers. Users, on the other hand, have to take extra care of their private keys and seed phrases,” Lin said.
Solana has already urged investors affected by the attack to abandon the affected wallets as they could still be compromised even after revoking wallet approvals.
While the exact modus operandi employed is still unknown, crypto industry leaders have highlighted that the suspect transactions were properly signed, further indicating that it could be a supply chain attack with a specific focus on Slope ‘hot’ wallet users.
Investors should opt for cold or hardware wallets
Elaborating on how hackers can still steal from a compromised wallet, Raj Kapoor, founder of India Blockchain Alliance, said since private keys are stored in application and device wallets, hackers can access them and steal cryptocurrencies and that sums up the Solana hack.
“If your wallet has been compromised, it’s paramount that you transfer any existing funds from your compromised wallet to another wallet. Hackers will wipe your account of funds immediately, but if you’re lucky and they have not done this yet, it’s time for investors to take immediate action,” he added.
Since most hacks happen to hit “hot” wallets, investors should opt for cold or hardware wallets instead. While investors may need some of it online for transactions, they should keep what they need in the short term and store most of it offline.
A cold crypto wallet, which is similar in size to a USB device, holds a private key that can be used to access your funds. Investors can set their own private keys as well.
Use multi-factor authentication
Investors should also use multi-factor authentication (MFA) as this creates a layered defence on their account with independent credentials based on a password, security token, and/or biometrics.
Phishing is another danger and to prevent it, investors should never log in to their cryptocurrency exchange unless they are sure they are on the correct site.
Do not share information over texts, emails
Additionally, investors should not trust texts, emails or chats that ask for your personal information.
Avoiding public WiFi is also a great idea as is updating your software from time to time. Regularly changing the passwords is great as well. Change the password regularly and use a password manager like LastPass or 1Password.
‘Hot’ wallets are vulnerable
As Solana continues to work with Slope Finance in conjunction with their partners OtterSec and SlowMist to restore normalcy, this incident again serves to highlight the vulnerability of ‘hot’ wallets to cyberattacks, despite the faster transaction times offered by them.
Comprising the entire collection of web-based, mobile and desktop wallets available today, ‘hot’ wallets should be used in conjunction with ‘cold’ or hardware wallets to strike the perfect balance between speed, functionality and security.
For those actively trading in crypto tokens and other crypto assets, it is recommended to hold trading funds in a ‘hot’ wallet while the bulk of their crypto holdings remains secure in a ‘cold’ or hardware wallet.
Nearly impossible to hack hardware wallets
Since a user’s private keys never leave the device, stealing funds from a hardware wallet is an almost impossible task for malicious cyber entities. Ranging from 50 to a few hundred dollars, the security offered by these hardware wallets more than compensates for the one-time costs involved and is highly recommended for all crypto investors out there.
Anndy Lian is an early blockchain adopter and experienced serial entrepreneur who is known for his work in the government sector. He is a best selling book author- “NFT: From Zero to Hero” and “Blockchain Revolution 2030”.
Currently, he is appointed as the Chief Digital Advisor at Mongolia Productivity Organization, championing national digitization. Prior to his current appointments, he was the Chairman of BigONE Exchange, a global top 30 ranked crypto spot exchange and was also the Advisory Board Member for Hyundai DAC, the blockchain arm of South Korea’s largest car manufacturer Hyundai Motor Group. Lian played a pivotal role as the Blockchain Advisor for Asian Productivity Organisation (APO), an intergovernmental organization committed to improving productivity in the Asia-Pacific region.
An avid supporter of incubating start-ups, Anndy has also been a private investor for the past eight years. With a growth investment mindset, Anndy strategically demonstrates this in the companies he chooses to be involved with. He believes that what he is doing through blockchain technology currently will revolutionise and redefine traditional businesses. He also believes that the blockchain industry has to be “redecentralised”.