en
Back to the list

Solana Breach: Will the Project Recover the Funds?

04 August 2022 11:02, UTC
Odero Kester

Solana, a cryptocurrency project that bills itself as "an open source project building the foundation for Web 3.0," is the latest victim of a major hack. On August 2, 2022, Solana Foundation announced that it had suffered a "security incident" in which an unknown attacker gained access to its treasury funds and made off with over $8 million worth of cryptocurrency. The attacker also gained control of several Solana Foundation-owned social media accounts and used them to post fraudulent giveaway offers. This was seen as an effort to exploit the panic caused by the hack and trick Solana investors into sending their funds to the attacker.

Is Solana secure as it’s meant to be?

There have been ups and downs for the Solana blockchain. Before this week's suspected breach, it plummeted 10% in 24 hours in February following what CoinDesk dubbed a "wormhole exploit," it had to halt block creation for seven hours in May, and it had "additional troubles for the Solana blockchain" in mid-June.

Solana's USP is that it can conduct 50,000 deals per second, which is more than its major competitors, Bitcoin and Ethereum, can. However, it also implies that assaults may occur extremely fast. Additionally, traders have been speculating on shorting the currency even though CoinDesk claims that the SOL token has maintained its price support despite the "poor optics" of the "multimillion-dollar theft."

This could be devastating for a project still in its early stages. The hack also highlights the risks associated with investing in cryptocurrency. While Solana is not the only cryptocurrency project to suffer a major hack, it is one of the few that has lost many funds. This loss will likely deter some investors from putting their money into Solana or any other cryptocurrency project.

This is not the first time that a hack has hit Solana. An attacker stole over $8 million worth of cryptocurrency from the Solana team's accounts a while ago. This happened shortly after the Solana mainnet launch. The team recovered some of the funds, but the attack caused significant damage to the project's reputation.

The possible outcome of the attack

The Solana Foundation has not confirmed any details about how the attacker gained access to its treasury fund or what steps it takes to prevent such an attack. However, the foundation is "working closely with law enforcement" to track the attacker and bring them to justice. In the meantime, it has urged all exchanges and service providers to "immediately freeze any SOL deposited from the addresses associated with the attack."

This news understandably rattles investors in Solana. The Solana Foundation has said that it is "committed to the security of our community" and will "take all necessary steps to ensure the safety of our funds and community." However, given the size of the hack and the fact that this is not the first time attackers have targeted Solana, some investors may lose faith in the project.

According to Solana, the answer at this stage is to utilize a wallet with a new seed phrase and move the cash there. However, this solution has a significant issue: not all customers have a hardware wallet, which is an actual device that provides more excellent protection for your digital currencies than a software wallet like Phantom. Additionally, not all individuals are computer-savvy and may not know how to set up a hardware wallet or understand the importance of having one.

As per blockchain auditors OtterSec, the assault is still underway, with over 8,000 wallets hacked thus far.

Several Solana addresses have been connected to the hack, with those wallets gathering at least $5 million in SOL, SPL, and other Solana-based tokens from unwary users. On top of this, the amount lost could be much higher since some of those coins might have been quickly converted to other digital assets, making it hard to track them.

According to a tweet from SolanaStatus, engineers from many networks discovered that the fault is not related to Solana core code but software utilized by multiple software wallets.

The hack will undoubtedly rekindle a long-running discussion over the security of hot wallets linked to the internet to give users a simple way to transmit, store, and receive cryptocurrency. Cold wallets, USB devices that must be connected to a computer to sign transactions, are being hailed as a more secure, albeit less convenient, option. Another suggested alternative is to keep digital assets in so-called "air-gapped" wallets, which are not connected to any network. These wallets are considered to be the most secure but also the most cumbersome to use.

Some users speculated that the breach was linked to transactions on Magic Eden's Solana-based non-fungible token (NFT) marketplace. However, this relationship became less evident as the attack progressed. The marketplace warned users to cancel rights from its wallet to avoid being targeted. Users were also advised to "[m]ove everything to a cold wallet/ledger."

This is a significant blow to Solana's reputation, and it will likely take some time for the project to recover. In the meantime, investors should exercise caution before putting money into this volatile and risky asset class. Additionally, as the cryptocurrency industry matures, we expect to see more attacks like this. Unfortunately, there is no surefire way to prevent them from happening. The best we can do is to remain vigilant and hope that projects like Solana learn from their mistakes and take steps to improve their security in the future.