On Wednesday, August 3, 2022, the world woke up to the news of yet another cryptocurrency hack — this time against Solana. Assets totaling at least $5.2 million are reported to have been stolen from 8,000 wallets trading on this highly functional open source project.
Owing to its highly experienced team, short lightning-fast processing times, and hybrid protocol, Solana gained popularity quickly. And as of August 24, is ranked 9th on the CoinMarketCap database.
However, this wasn’t enough to prevent the most recent attacks on the network. Which begs the question, how secure is the Solana blockchain?
Let’s find out.
A Third-Party ‘Hot’ Wallet Breach
Solana Foundation was quick to highlight that the breach was not an issue with Solana’s core code. Instead, the compromise occurred within third-party wallets which are used by various investors of the network.
Three of the targeted wallets were Trust, Slope, and Phantom. Unlike hardware wallets which are stored offline, these three are known as ‘hot’ wallets because they are always bridged to the internet.
The unidentified Solana attacker took advantage of a weakness in these so-called hot wallets to pilfer the accounts. The problem was therefore not in the Solana blockchain.
OtterSec, a blockchain audit firm reiterated that the vulnerability came from the wallet software and not the Solana ecosystem. The firm went on to add that because the attacker was able to move assets using user signatures, this pointed to a private key compromise.
How to Protect Yourself as an Investor
The Solana attack is proof that even if a blockchain is secure, the third-party applications you use to store and trade your crypto assets should be an important consideration.
The best way crypto owners can protect themselves is by opting to store their assets in offline, “cold” or hardware wallets.
Because these wallets are not linked to the internet they aren’t as easy a target as the ever-connected hot wallets.
Investors are advised not to keep funds in hot wallets and move them instead into their cold wallets where their assets can be physically stored offline.
Another best practice that adds an extra layer of security to your hard wallet is routinely changing your seed phrase.
Is the Solana Attack an Isolated Incident?
Unfortunately, the Solana attack was not an isolated case, and in 2022 alone, CNBC reports that hackers have stolen nearly $2 billion worth of crypto.
The five biggest hacks of 2022, in order of assets lost, include:
- Axie Infinity Ronin Bridge attack occurred on March 28 and assets stolen total $625 million.
- Wormhole happened on February 2, and the assets stolen are worth $325 million.
- Beanstalk hack transpired on April 17 with $182 million worth of assets disappearing.
- Harmony Bridge. When? June 23. The amount stolen? $100 million.
- Qubit QBridge Hack took place on January 27 resulting in an $80 million breach.
Attacks on networks, hacks, and breaches are part and parcel of the risk of investing in digital assets. It’s a trade-off that comes when you trade cryptocurrencies.
Disclaimer: Any information provided in this blog is not intended to replace legal, financial, or taxation advice given by qualified professionals.