The Solana Hack and Why You Need a Hardware Wallet
My alpha chat lit up with notifications last night as news of the Solana hack rolled in.
“Massive exploit/drain going on with Solana seeing it live in Taiyo tons of people losing their whole balance out of no where.”
“Move everything to a ledger NOW.” @SolportTom
My chat began to speculate on what had happened as Twitter was ablaze with updates. A lot of folks took shots at the layer 1 chain known for its lightning-fast speeds and its frequent outages.
“Friendly reminder: Solana is the McDonald’s ice cream machine of L1 blockchain platforms.” -@WooShwayze
The number of hacks in the Web 3 space is getting far too many to track at this point. The saying goes, “Another day, another hack.” and yet this feels quite literal as the breach took place just hours after almost $200 million in digital assets were stolen from the cross-chain messaging protocol Nomad.
While the details of the hack were initially unclear, Slope and Phantom wallets were seeing millions drained from them in a matter of hours. The SolanaStatus Twitter page was keeping the wider Web 3 community updated on the rapidly unfolding situation.
“An exploit allowed a malicious actor to drain funds from a number of wallets on Solana. As of 5am UTC approximately 7,767 wallets have been affected. The exploit has affected several wallets, including Slope and Phantom.”
The Twitter page run by the Solana Foundation went on to stress the importance of using a hardware wallet as the only way to ensure adequate safety for your digital assets.
“There’s no evidence hardware wallets have been impacted — and users are strongly encouraged to use hardware wallets.” @solanastatus
Unfortunately, a major issue facing the Web 3 community is that hardware wallets are not widely used as they tend to be expensive and inconvenient. However, those lucky enough to have one set up did not have to go through the soul-crushing experience of seeing their wallet drained entirely.
By this afternoon, we had a clearer indication of how this breach may have occurred. According to a tweet from @oxfoobar and later confirmed by CoinDesk, Slope Wallet may have logged seed phrases as plain text on their own internal servers. Phantom Wallet users who also used Slope were compromised in the attack.
Slope Wallet released a statement where they neither confirm nor deny the allegations though they seem to take some accountability for the situation.
“We are actively diagnosing, and are committed to publishing a full post-mortem, earning back your trust, and making this as right as we can.” — Slope
While the exact numbers vary, it is estimated that victims were drained of nearly $6 million in Sol. The exact dollar figure is not as large as other breaches we have covered, however, Solana is one of the most prominent L1 chains and the news of the Slope hack does not bode well for the reputational safety of Web 3.
Get a Ledger and stay safe out there.
Thank you for reading.
Check out my unfiltered thoughts on Twitter:
https://twitter.com/wasifmrahman
Follow my career on LinkedIn:
https://www.linkedin.com/in/wasifmrahman/
My other Shower Thoughts on Medium:
https://medium.com/@wasifmrahman
Sources:
https://decrypt.co/106649/solana-wallet-hack-what-we-know-so-far
https://www.coindesk.com/markets/2022/08/03/phantom-wallet-exploit-drains-millions-in-sol-tokens/