A Brief Discourse About the Solana Hack

by @wole
960 reads

by Hephzibah Adejumo, August 4th, 2022

Too Long; Didn't Read

Solana wasn't hacked. Instead, a wallet provider, which logged user private keys, was compromised.


On August 2, 2022, the Solana ecosystem was hit by an attack that affected 8,000 wallets and drained them of more than $5 million in SOL and SPL tokens.

Hacking Crypto Wallets

Your wallet can be compromised if you sign a malicious transaction or expose your private keys. Therefore, all you need to do to protect yourself is to keep your keys safe and avoid signing sketchy transactions. Seems easy enough, right? Wrong.

Crypto scams involving wallet hacks and drains employ various hacking techniques, including social engineering. The running theme is to goad people into connecting their wallets to malicious sites, protocols and dApps, and signing transactions.

In cases where the target cannot be made to sign a transaction, the next line of attack is to gain access to their private keys. Your private keys are compromised as soon as a third party has access to them, which becomes possible, for instance, when you store them on your device or in any electronic format.

The Solana Hack

Solana was not hacked, and it remains a secure blockchain. The name "Solana Hack" is a misnomer: it refers to the compromise of 8,000 wallets, which led to a loss of funds of about $5 million. Once it became apparent that a hack was ongoing, the community was advised to revoke all trusted connections made to any protocols. However, this didn't stop the hack.

Most of the drained wallets had not signed any transaction beforehand, so a malicious transaction is ruled out. A preliminary investigation showed that the transfers appeared to originate from the wallets themselves, as if their owners had sent the funds.

The next thing to consider is a leak of private keys. It seems almost implausible that all those wallets had their keys leaked and an attack launched simultaneously. It would be understandable if it were an organization that suffered a breach since they use a centralized database, but these were random users with seemingly no link between them.

Due to the nature of the blockchain and how non-custodial wallets are created, no entity should have access to your keys unless you were careless with them.

A non-custodial wallet is created on your device, and the information is never sent to a server. When a non-custodial wallet is created, the keys are randomly generated on the device, and the address is derived from the key by a one-way function. I don't want to get into the technical details, but a key can't be generated from an address.

Since the hack was not caused by signing malicious transactions, the keys must have leaked. The question now is how. Private keys can be leaked in a myriad of ways, such as:

  • You were carelessly storing your keys, such as in your diary, where they can easily be exposed.
  • Your device is infected by a monitoring program, such as a keylogger.
  • You were sending keys over the internet, which makes you susceptible to man-in-the-middle attacks.

But in an unexpected turn, it was revealed that the breach was caused by a wallet provider called Slope Wallet. An investigation by security auditors and developers revealed that private keys were transmitted to an application monitoring device, and the wallets affected were either created or imported into Slope Wallet.

Slope Wallet logged wallet seed phrases on its servers, which shouldn't be possible for a non-custodial wallet, since the wallet is created on your device. Perhaps this was careless code that happened to read the information and log it, or perhaps it was by design. Either way, because the keys were logged, the hacker was able to obtain them by breaching Slope's database. Slope Wallet is supposedly a non-custodial wallet service provider, and a leak like this raises questions about security and privacy in general.