A baffling new hack this week emptied thousands of Phantom and Slope Solana-based hot wallets, the latest in a string of ugly security breaches in Cryptoland, resulting in the theft of millions of dollars of assets from Solana ecosystem users. The hack has been attributed to a security issue with the hot wallet application Slope, namely, an unexplained private key exploit. Thankfully, neither the Solana chain nor its cryptography was breached in any way. Markets seemed to confirm this Wednesday, with SOL only down a few percent.
Following the hack, both the Solana Foundation and blockchain security experts like CoolBitX CTO Jay Zhuang urged users to move their SOL and SPL token funds over to a supported hardware wallet as soon as possible and abandon their old wallet thereafter for good. It is believed that the hack is still in progress, and with users' private keys compromised, hackers can continue to loot any remaining funds on affected wallets.
Engineers are currently working with multiple security researchers and ecosystem teams to identify the root cause of the exploit, which is unknown at this time.
— Solana Status (@SolanaStatus) August 3, 2022
A security incident is occurring with SOLANA wallets. Over 8,000 wallets drained. The root cause is not yet clear. To mitigate the impact, it is recommended to revoke application permissions and/or send funds to a trusted escrow wallet or cold wallet. @coolwallet https://t.co/AwH9ZYGesn
— Jay Zhuang (@twzjay) August 3, 2022
Contents
- Get CoolWallet Pro's Solana Hardware Wallet For SOL cold storage protection
- Solana Hack: Post-mortem reveals Slope Wallet private key exploit to blame
- Slope Issues Mea Culpa Statement and Warns Users to Move Funds
- How did the Solana 2022 hack happen?
- Phantom Wallet blames Slope and cross-account importing
- Solana Hack: What was stolen?
- Security lessons to learn from Solana Hot Wallet Hack
Get CoolWallet Pro's Solana Hardware Wallet For SOL cold storage protection
ICYMI, CoolWallet Pro, the DeFi-focused mobile hardware wallet, last week announced native support for Solana (SOL), making it one of the first Solana hardware wallets protecting SOL in cold storage. CoolWallet is also putting the finishing touches on SPL token and staking support in Q3 in accordance with its roadmap, thereby helping to provide Solana users with affordable, secure, and easy-to-use cold storage.
Get your Solana-supported CoolWallet Pro Now Buy CoolWallet Pro here.
Solana Hack: Post-mortem reveals Slope Wallet private key exploit to blame
Moving on, let's see what actually happened. After the initial pandemonium, the Solana team on Wednesday attributed the hack, via social media, to a private key exploit found in Slope Wallet, and maintains that neither the Solana chain nor its cryptography was breached in any way. This was later confirmed by Slope's team in a public statement.
After an investigation by developers, ecosystem teams, and security auditors, it appears affected addresses were at one point created, imported, or used in Slope mobile wallet applications. 1/2
— Solana Status (@SolanaStatus) August 3, 2022
Slope Issues Mea Culpa Statement and Warns Users to Move Funds
On Wednesday 3 July Slope Wallet fessed up unreservedly via an official statement, apologizing for the breach and asking users to move their funds. In the meantime, they will continue with their investigation into what went wrong. The statement pointed out the following:
- A cohort of Slope wallets was compromised in the breach
- They have some hypotheses as to the nature of the breach, but nothing is yet firm
- They feel the community's pain, and many of their own staff and founders' wallets were drained
Slope's team is "actively conducting internal investigations and audits, working with top external security and audit group and working with developers, security experts, and protocols from throughout the ecosystem to work to identify and rectify" the issue.
How did the Solana 2022 hack happen?
According to the Solana Foundation, which reached its conclusions after an investigation by developers, ecosystem teams, and security auditors, it appears affected addresses were at one point created, imported, or used in Slope mobile wallet applications.
The team found that the exploit was isolated to one wallet on Solana, and does not impact hardware wallets used by Slope. While the details of exactly how this occurred are still under investigation, private key information was somehow inadvertently transmitted to an application monitoring service. The Solana team concludes by saying there is no evidence the Solana protocol or its cryptography was compromised.
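The failure described above, key material ending up in data sent to an application monitoring service, is usually guarded against by scrubbing every telemetry payload on the device before it is handed to the monitoring client. The sketch below is an added example, not code from Slope, Solana, or any monitoring vendor; the function names, field names, and sample event are constructed for illustration, and the patterns are heuristics rather than exact detectors.

```python
import re

REDACTED = "[REDACTED]"
# Field names that must never leave the device, whatever they hold.
SENSITIVE_KEYS = re.compile(r"mnemonic|seed|secret|private[_-]?key", re.I)
# Heuristic: 12 to 24 lowercase words of 3-8 letters in a row (BIP39 English
# word lengths) looks like a recovery phrase.
MNEMONIC = re.compile(r"\b(?:[a-z]{3,8}\s+){11,23}[a-z]{3,8}\b")
# Heuristic: a 64-byte keypair is about 87-88 base58 characters, far longer
# than a 32-44 character address. Signatures of that length are caught too.
BASE58_SECRET = re.compile(r"\b[1-9A-HJ-NP-Za-km-z]{80,}\b")


def _is_key_bytes(value):
    """True for a JSON-style byte array the size of a seed or keypair."""
    return (isinstance(value, list) and len(value) in (32, 64)
            and all(isinstance(b, int) and not isinstance(b, bool)
                    and 0 <= b <= 255 for b in value))


def scrub(value, key=""):
    """Return a copy of a telemetry payload with key material removed."""
    if SENSITIVE_KEYS.search(key) or _is_key_bytes(value):
        return REDACTED
    if isinstance(value, dict):
        return {k: scrub(v, str(k)) for k, v in value.items()}
    if isinstance(value, (list, tuple)):
        return [scrub(v, key) for v in value]
    if isinstance(value, str):
        value = MNEMONIC.sub(REDACTED, value)
        return BASE58_SECRET.sub(REDACTED, value)
    return value


# Constructed sample event: placeholder words and filler strings stand in
# for real key material.
SAMPLE_EVENT = {
    "message": "wallet import failed",
    "extra": {
        "input": "import phrase: " + " ".join(["word"] * 12),
        "secretKey": "x",
        "address": "A" * 44,  # address-length string, must survive
        "raw": [7] * 64,      # keypair-sized byte array
        "note": "export " + "2" * 88,
    },
}
```

Pattern-based scrubbing is a backstop; the stronger control is never placing seed phrases or keys in objects that logging or error-reporting code can reach.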
Phantom Wallet blames Slope and cross-account importing
Popular Solana wallet Phantom has also now shifted blame to Slope Wallet, saying it has reason to believe that the reported exploits are due to complications related to importing accounts to and from Slope, and that it is still actively working to identify whether there may have been other vulnerabilities that contributed to this incident. Phantom also urged users to move their assets to a new non-Slope wallet with a fresh seed phrase.
1/ Phantom has reason to believe that the reported exploits are due to complications related to importing accounts to and from @slope_finance.
— Phantom (@phantom) August 3, 2022
We are still actively working to identify whether there may have been other vulnerabilities that contributed to this incident. https://t.co/W5B19gbMJX
Solana Hack: What was stolen?
While the first Solana reports estimated that the private keys of around 7700 wallets were compromised, the latest figures from the likes of blockchain analysis firm Elliptic put it at about 8,000, with a total loss of $5.2 million that is expected to increase.
Since mostly smaller wallets were targeted, this most likely happened during a malicious software install. The attack originated from four different addresses, according to the crypto security firm CertiK.
However, the blockchain auditing company OtterSec said that the attacker appeared to be signing with the wallets' actual keys, indicating that users' private keys have been compromised. Initial concerns were that it could be a supply chain attack, but it could also indicate a browser zero-day vulnerability or even a hole in the way user passcodes are generated, as reported by BleepingComputer.
Meanwhile, some Twitterati have urged users not to try to revoke signing privileges but to move their funds over from their Phantom and Slope wallets to a centralized exchange, or best of all, a hardware wallet.
Security lessons to learn from Solana Hot Wallet Hack
The latest hack, which followed only a day after the $190m Nomad crosschain bridge hack, underscores the fact that hackers are not slowing down in their efforts to punish weak crypto security measures wherever they can, whether a crypto asset is at an all-time-high or 90% down from its peak. It also shows that crypto projects that are not diligent and vigilant enough in their security will likely get punished eventually, which could cost you, the user, all your crypto.
With 2022 so far a graveyard of lost funds squandered away through DeFi and NFT hacks, scams and the swift demise of supposedly unsinkable crypto custodians like Celsius, Three Arrows Capital, BlockFi, and more, the lesson to learn is that anything and everything is possible in crypto. Yes, especially the really really bad stuff. It can and will happen if you're not careful or willing to take the extra measures needed to secure a sizable portfolio.
Verdict: Protect Yourself at All Times
📣 It's finally here! @solana has come to the CoolWallet Pro
— CoolWallet (@coolwallet) July 25, 2022
😎 Send and receive $SOL directly from your #CoolWallet Pro
📗 #Solana is focused on fast transactions & high throughput through its innovative Proof of History model and its deflationary model
1/3 pic.twitter.com/0eBoOYUL0f
Using a hardware wallet like the CoolWallet Pro or S is a no-brainer, as we'll explain in a follow-up article next week. Your private key can never be exposed (thanks to an EAL6+ secure element), and since you can generate your wallet and recovery seed completely offline on our hardware wallet, there is no need for your seed to ever be digitized even for a second.
Meanwhile, our secure CoolWallet app allows you to partake in all the fun that crypto offers, such as buying, selling, NFT trading, DeFi staking, and more. However, any transaction must be physically verified by you the user, through a physical button push. This keeps you in charge at all times.
To paraphrase both boxing and MMA referees' warning to fighters before they start to battle: "Protect yourself at all times". The same applies for crypto.
Whether you are aware of it or not, if you own cryptocurrencies, you're involved in a continuous war for their ownership, and you need to take the right security measures to win.
Stay posted for CoolWallet's imminent support of the growing Solana ecosystem this quarter, where we'll bring enhanced cold storage to this wonderful ecosystem for the benefit and support of all its users.
Written by Werner Vermaak, CoolWallet Editor
This article has been written for educational purposes only and shouldn't be viewed as financial advice in any way.