Thousands Of SOL Wallets Attacked, Millions USD Drained

coinculture.com, 05 August 2022 04:20 UTC

Key takeaways:

  • Solana’s (SOL) attack has drained thousands of hot wallets.
  • The real cause of the attack is still under investigation, as is the extent of the damage.
  • Some said that the Solana team didn’t pay attention to cybersecurity.

According to statistics from MistTrack, four hacker-affiliated addresses have stolen USD 580 million worth of cryptocurrencies from over 8,000 wallets.

Thousands Of SOL Hot Wallets Were Attacked

MistTrack said that USD 4.5 million worth of SOL, USDC, USDT, Bitcoin (BTC), and Ethereum (ETH) were taken, excluding the value of EXIST and other shitcoins.

Instead of including the value of $EXIST and other shitcoins for our calculations, we’ll only be using $SOL, $USDC, $USDT, $BTC, $ETH.

Based on the current amount of above assets held by the 4 addresses, we estimate the total loss is around ~$4.5M https://t.co/8Ayp1sfd97

— MistTrack🕵️ (@MistTrack_io) August 3, 2022

Blockchain investigator PeckShield predicted a more significant loss, saying that the damage was approximately USD 8 million, excluding one illiquid shitcoin (which has only 30 holders and may have been mispriced by USD 570 million).

Solscan, a scanning tool for the Solana ecosystem, gave a real-time visualisation dashboard at about 10:00 UTC, displaying the total value of the hacker’s wallets, token allocation in each wallet, analytics of the victims’ wallets, and the most exploited wallets, etc.

At 12:22 UTC, according to the dashboard, the total transferred to the attacker’s wallets was USD 4.46 million, of which under 50% was USDC, 35% SOL and 15% other coins. Low-liquidity coins are excluded from the report because they would distort its figures.

The money transferred to the attacker’s wallet. Source: beta-analysis.solscan.io

As the attack started, customers reported that their funds had been siphoned from prominent internet-connected “hot” wallets, including Phantom, Slope, and TrustWallet, without their knowledge. Those impacted said they had not interacted with any contracts in over 40 days.

OtterSec, a blockchain auditor, asserted that transactions were being signed by their legitimate owners, indicating a private key compromise. All users of the compromised wallets were instructed to relocate their assets to a hardware wallet or a centralised exchange.

The Cause of Attack Is Still Under Investigation

Although the specific cause of the attack remains unknown, it seems to have mostly affected mobile wallet users.

Engineers from several ecosystems, with the assistance of many security organisations, are probing depleted wallets on Solana, according to the Solana team.

There are no indications that hardware wallets are vulnerable. Meanwhile, Phantom said the team did not feel this was a Phantom-specific problem.

Anatoly Yakovenko, the co-founder of Solana Labs, asserts that only a token-specific delegation, an auto-approve, or a leaked seed might transfer assets from a wallet on behalf of the user.

Since the drains are plain system transfers, delegation is ruled out, and no prior interaction could have rendered a wallet susceptible.
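As an added illustration of the reasoning above (not code from the article or from Solana Labs), the Python below triages constructed transaction records: a native SOL transfer can only be signed by the sending account’s own key, so an owner-signed System Program transfer points to key compromise rather than a token delegation. The two program ids are the real System and SPL Token program ids; the records and addresses are constructed.

```python
# Real, well-known program ids; everything else below is constructed sample data.
SYSTEM_PROGRAM = "11111111111111111111111111111111"
TOKEN_PROGRAM = "TokenkegQfeZyiNwAJbNbGKPFXCWuBvf9Ss623VQ5DA"

# Constructed records: which program ran, which account authorised the move,
# and which keys actually signed the transaction.
SAMPLE_TXS = [
    {"id": "tx1", "owner": "victimA", "program": SYSTEM_PROGRAM,
     "authority": "victimA", "signers": ["victimA"]},
    {"id": "tx2", "owner": "victimB", "program": TOKEN_PROGRAM,
     "authority": "dappDelegate", "signers": ["dappDelegate"]},
    {"id": "tx3", "owner": "victimC", "program": TOKEN_PROGRAM,
     "authority": "victimC", "signers": ["victimC"]},
]


def classify(tx):
    """Label one transfer by what could have authorised it."""
    owner_signed = tx["owner"] in tx["signers"]
    if tx["program"] == SYSTEM_PROGRAM:
        # Native SOL transfers have no delegate mechanism: the sending
        # account's own key must sign, so a valid one means key compromise.
        return "key_compromise" if owner_signed else "malformed"
    if tx["program"] == TOKEN_PROGRAM:
        if tx["authority"] != tx["owner"]:
            # An SPL Token 'approve' lets a delegate sign instead of the owner.
            return "delegate_transfer"
        return "key_compromise" if owner_signed else "malformed"
    return "other"


def summarize(txs):
    """Count labels and apply the argument from the text: any owner-signed
    system transfer means delegation alone cannot explain the drain."""
    counts = {}
    for tx in txs:
        label = classify(tx)
        counts[label] = counts.get(label, 0) + 1
    system_drains = [tx for tx in txs
                     if tx["program"] == SYSTEM_PROGRAM
                     and classify(tx) == "key_compromise"]
    return {"counts": counts,
            "delegation_explains_drain": len(system_drains) == 0}


if __name__ == "__main__":
    for tx in SAMPLE_TXS:
        print(tx["id"], classify(tx))
    print(summarize(SAMPLE_TXS))
```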

Yakovenko later added that this appears to have been an iOS supply chain attack, noting that imported keys were also compromised. Multiple plausible wallets that only received SOL and had no interactions beyond receiving have been compromised, as well as keys imported into iOS and generated externally.

Later, he informed the community that Android was also affected. Up to that moment, all of the confirmed cases had had the key imported or produced on mobile, and most of the reports were legitimate, but there were a few Phantom users as well.

Yakovenko suggested that Apple and Google increase their security measures as a potential solution. Despite rumours, it was not an iOS hack. There are confirmed reports of wallet drains from non-iOS wallets and extensions. The evidence indicates that this is not an assault on a single wallet provider but rather on various wallets across numerous operating platforms (mobile and desktop, iOS and Android).

Fucking @apple and @google can give us secure signing and recovery in the device. f’ing hell

— SMS aey.sol, 🇺🇸 (@aeyakovenko) August 3, 2022

Also, although investigations into the assault have not been able to determine the precise causes of these breaches, the attacker must have been a third party that was granted authorisation to approve large transactions.

Despite the prevalence of this exploit model, projects can foresee such assaults and defend their users from them. However, this requires the development of a very innovative forecasting tool for projects to use. Innovators could also find a way to bridge the vast chasm, or inconvenience, between holding assets in a cold wallet and using them for dapp transactions.

Other Speculations About The Attack

Others have speculated that a trusted third-party service may have been infiltrated in a so-called supply chain assault, given that the hacker could sign transactions on behalf of users.

Analyst Adam Cochran confirmed with the cross-chain user that they had imported their TrustWallet seed phrase into Slope. This is likely why there have been so few direct incidents on Ethereum. Does this indicate that something in Solana applications is exposing seeds?

PeckShield also commented on the supply chain idea, claiming that the broad breach on Solana wallets was likely due to the supply chain flaw used to steal/discover user private keys behind wallets.

Laine, a Solana validator, has rejected accusations that validators have banned or intend to blacklist hackers’ wallets.

“We have not blacklisted anything nor are we aware of any discussion to do so. Explorers have blacklisted them, i.e. they are displaying warnings, but that doesn’t affect any transactions,” Laine stated.

Clarification: there was no blacklist, it seems it was a UI error on solscan.

However, there was a spam attack conducted to prevent the attacker from processing transactions, which has brought down the mainnet rpc. https://t.co/eNINcdCE2g

— Arber X (@arberx_) August 3, 2022

At 7:20 UTC, fewer than 1 SOL had been stolen before the rate began to increase; the hack then escalated to over 500 SOL and eventually more than 1,000 SOL being harvested every minute. SOL, the ninth-largest crypto by market value, traded at USD 38.67, a decrease of 4.1% over the previous 24 hours. It had increased by about 7% in seven days and 16% in a month.

Meanwhile, Martin Hiesboeck, Head of Blockchain and Crypto Research at the multi-asset digital currency platform Uphold, stated that as the blockchain expands and has a track record of advantages, it is also revealing some of its shortcomings and problems. Users and developers encounter more decentralised finance (DeFi) attacks through social media portals like Discord and Telegram. However, “their final access point is via the ERC protocols that enable smart contracts and NFTs,” he added.

However, according to Hiesboeck, the Solana team had shown a flagrant disrespect for cybersecurity in comments primarily released on Twitter, putting speed above security. Each chain upgrade has rendered Solana more centralised and vulnerable to attacks.

According to one researcher, everyone participating in the research was aware of the hazards, yet the critical team members continually rejected calls for improvement. Solana was and remained a project designed to fail. The price increase in 2021 was solely attributable to venture capitalist speculation. Critics have characterised Solana as a “black hole of code.”
