current position:Home>Massive Solana Wallet Stolen, Former 'Ethereum Killer' Controversial

Massive Solana Wallet Stolen, Former 'Ethereum Killer' Controversial

2022-08-06 03:32:11Gyro Finance

e5c3d4b476bd022a068631fee876fd44.jpeg

August didn't seem like a great start for the blockchain industry, with security incidents spewing out.On August 1, Nomad Bridge was hacked and nearly $200 million was stolen.On August 2, a large-scale currency theft incident occurred in Solana, and a large number of users were emptied of their wallets without knowing it.Within 10 minutes, as much as $6 million in crypto assets was stolen from Phantom wallets.

Solana is currently a trending topic on Twitter, and the repercussions of the incident are still unfolding, with over 8,000 wallets stolen and counting.

Why was Solana stolen?Multiple voices

Emin Gun Sirer, CEO and founder of Ava Labs, said that more than 7,000 wallets were affected, and that number is growing at a rate of around 20 per minute. Regarding the reason for the theft, he believes, Since the transaction appears to be signed correctly, it is likely that the attacker has gained access to the private key.

0d026dd52a5efa86b89ebe5503893af1.png

The developers, with the help of several security firms, investigated the wallets on Solana that had their assets empty, and there was no evidence that hardware wallets were affected.

Shortly after the attack, Phantom noted that it was working with other teams to identify the source of the problem, and at this time, it does not believe this is a problem unique to Phantom.”

Subsequently, Slope also tweeted that it is currently working with Solana Labs and other Solana-based protocols to identify the problem and correct it, but "has not yet made a major breakthrough."

STEPN has also become one of the suspects that led to the incident.STEPN reminds users that if users import/export any non-custodial wallets external to STEPN, they may need to consider:

1. Check the wallet to see if any assets are missing

2. Transfer assets out of the wallet

3. Generate a new non-custodial wallet from the STEPN application

f20fa23522ce6ce099dc6f9f3f3d5e17.png

Furthermore, Solana-based NFT marketplace Magic Eden is also suspected of being involved in the attack.Magic Eden tweeted users how to protect themselves: "1. Go to Phantom wallet settings page; 2. Click on trusted apps; 3. Revoke permission for any suspicious links."

SlowMist Technology, a well-known blockchain security agency, stated on August 3 that from the transaction characteristics, the attacker signed the account transfer without using the attack contract, and the initial judgment was that the private key was leaked.Many victims have reported that they have used a variety of different wallets, mainly mobile wallets. We speculate that the problem may occur in the software supply chain.

Godfall software engineer Stephen Lacy tweeted about a massive malware attack on github.This attack sends the entire ENV of the script, application, laptop (electron application) to the attacker's server, and the ENV includes security keys, encryption keys, etc.

The real reason behind the attack is not yet known, and it will take time to investigate.However, all users with Solana-based hot wallets (such as Phantom and Slope wallets) are reminded that it is necessary to temporarily transfer funds to cold wallets or well-known centralized exchanges.

Once "Ethereum Killer", now "Crash Chain"

As the biggest dark horse on the public chain track in 2021, Solana has attracted the attention of many institutions and users, and was once touted as an "Ethereum killer".However, so far, the Solana blockchain has suffered multiple downtime events, and it has been jokingly called the "downtime chain".

Well-known Twitter KOL, DeFi developer "foobar" satirized Solana's fragile security and poor user experience on Twitter, saying: "Ethereum attacks take hours to complete and require the participation of the entire communityCome in, and the Solana hacker can clean your wallet in seconds. Unparalleled user experience.”

c812c394f8021eb580ad37a24ed96712.png

Security is a perennial issue.Ethereum has been in operation for many years and has gone through the test of time, and the network has become very mature and stable; while new public chains often develop at a very fast pace, and a huge ecosystem is quickly established within 1-2 years. New technologies and new mechanisms bring aboutMany problems are constantly exposed in practice.

Solana's attack again also shows that the public chain still has a long way to go that has been overlooked by many people on the road to becoming an "Ethereum killer".In terms of security, Ethereum is still our best bet right now.

Business cooperation

Xiaohuang: xiaohuanghuang233

Mango: 19925139144


Recommended reading

d23708080228d954f69ba3d06a47970d.jpeg

20b67c8ac38b0e83b19c46c09dc797b9.jpeg

45a6679531a26d4252c80a4611653e3b.jpeg

copyright notice
author[Gyro Finance],Please bring the original link to reprint, thank you.
https://en.netfreeman.com/2022/218/202208060321306797.html

Random recommended