It’s time to tell you what really happened to Solana and what the final results of the investigation are on the cause of the hack. I will also give you some handy tips to prevent you from getting into this unpleasant situation.
We’re going through some dull days. Some days, we write that Solana is not working, and on others, we come out with headlines that it is up and running again. Nothing seemed to predict disruption to our stable routine. But on Monday, something terrifying happened — Solana got hacked (by someone sneakily catching the moment when the blockchain was working).
The market is just as freaked out as we are; no one expected such a turn of events.
The brand new newsletter with insights, market analysis and daily opportunities.
Let’s grow together!
But it’s not all that simple. You know Solana is the god of mess, so even with the hacking, things here are incredibly confusing, ambiguous and controversial. Some say Solana was finally hacked at the blockchain level, and the network is dead, and some say it wasn’t — it was broken just a little bit, but otherwise, it’s okay.
We did our own investigation, and it wasn’t easy.
You can read the first news about the incident in our review; below in this article, I used the following sources: an official thread from Solana, a thread from security researcher Adam Cochran, and a thread from another blockchain security researcher calling himself “CIA Officer.”
Here are the main insights and conclusions from the events (you can find even more details at the source links above):
The official Solana Foundation conclusion sums it up this way:
After an investigation by developers, ecosystem teams, and security auditors, it appears affected addresses were at one point created, imported, or used in Slope mobile wallet applications.
This exploit was isolated to one wallet on Solana, and hardware wallets used by Slope remain secure. While the details of exactly how this occurred are still under investigation, but private key information was inadvertently transmitted to an application monitoring service.
There is no evidence the Solana protocol or its cryptography was compromised.
Let’s hope this is the final result of the investigation. If this is true, then the panic about Solana being hacked is greatly overestimated, and only individual users of the third-party app were affected. Nevertheless, of course, no one will return the stolen money.
According to preliminary estimates of Solscan tracker experts, the attackers gained access to almost 9000 crypto-users and stole USDC, SOL coins and several other altcoins worth just over $5 million.
What conclusions can be drawn from this story? What advice can be given to avoid getting into the same situation in the future?
Obviously, in most cases, the problem is not focused on the blockchain and cryptography side but on the client side, where the human factor is involved. This is the bottleneck where all your attention and diligence should be directed.
Anatoly Yakovenko, the co-founder of Solana Foundation, gave two essential tips on how to avoid losing digital assets in similar incidents:
Let’s also add a third important piece of advice given by a member of the Solana community.
You should only use verified, assembled from open source wallets/applications (as much as possible). In particular, he gives a dangerous illustrative example where the private key is hardcoded into the code of the wallet itself, which was most likely the reason for the massive hack in the Slope case:
Hermetica Labs announces the debut of USDh, a pioneering Bitcoin-based synthetic United States dollar featuring…
Turkey, a significant player in the global cryptocurrency landscape, is gearing up to introduce crypto-related…
The decision by zkSNACKs to discontinue its CoinJoin coordination service has stirred concerns among Bitcoin…
Hello, fellow crypto enthusiasts! 👋 As we embark on another week in the ever-evolving crypto…
EigenLayer, a protocol for Ethereum restaking, recently announced an airdrop plan that garnered both praise…
Keonne Rodriguez, a figure linked to the cryptocurrency mixing service Samourai Wallet, has entered a…