Massive Solana Wallet Stolen, Former 'Ethereum Killer' Controversial

August didn't seem like a great start for the blockchain industry, with security incidents spewing out.On August 1, Nomad Bridge was hacked and nearly $200 million was stolen.On August 2, a large-scale currency theft incident occurred in Solana, and a large number of users were emptied of their wallets without knowing it.Within 10 minutes, as much as $6 million in crypto assets was stolen from Phantom wallets.

Solana is currently a trending topic on Twitter, and the repercussions of the incident are still unfolding, with over 8,000 wallets stolen and counting.

Why was Solana stolen?Multiple voices

Emin Gun Sirer, CEO and founder of Ava Labs, said that more than 7,000 wallets were affected, and that number is growing at a rate of around 20 per minute. Regarding the reason for the theft, he believes, Since the transaction appears to be signed correctly, it is likely that the attacker has gained access to the private key.

The developers, with the help of several security firms, investigated the wallets on Solana that had their assets empty, and there was no evidence that hardware wallets were affected.

Shortly after the attack, Phantom noted that it was working with other teams to identify the source of the problem, and at this time, it does not believe this is a problem unique to Phantom.”

Subsequently, Slope also tweeted that it is currently working with Solana Labs and other Solana-based protocols to identify the problem and correct it, but "has not yet made a major breakthrough."

STEPN has also become one of the suspects that led to the incident.STEPN reminds users that if users import/export any non-custodial wallets external to STEPN, they may need to consider:

1. Check the wallet to see if any assets are missing

2. Transfer assets out of the wallet

3. Generate a new non-custodial wallet from the STEPN application

Furthermore, Solana-based NFT marketplace Magic Eden is also suspected of being involved in the attack.Magic Eden tweeted users how to protect themselves: "1. Go to Phantom wallet settings page; 2. Click on trusted apps; 3. Revoke permission for any suspicious links."

SlowMist Technology, a well-known blockchain security agency, stated on August 3 that from the transaction characteristics, the attacker signed the account transfer without using the attack contract, and the initial judgment was that the private key was leaked.Many victims have reported that they have used a variety of different wallets, mainly mobile wallets. We speculate that the problem may occur in the software supply chain.

Godfall software engineer Stephen Lacy tweeted about a massive malware attack on github.This attack sends the entire ENV of the script, application, laptop (electron application) to the attacker's server, and the ENV includes security keys, encryption keys, etc.

The real reason behind the attack is not yet known, and it will take time to investigate.However, all users with Solana-based hot wallets (such as Phantom and Slope wallets) are reminded that it is necessary to temporarily transfer funds to cold wallets or well-known centralized exchanges.

Once "Ethereum Killer", now "Crash Chain"

As the biggest dark horse on the public chain track in 2021, Solana has attracted the attention of many institutions and users, and was once touted as an "Ethereum killer".However, so far, the Solana blockchain has suffered multiple downtime events, and it has been jokingly called the "downtime chain".

Well-known Twitter KOL, DeFi developer "foobar" satirized Solana's fragile security and poor user experience on Twitter, saying: "Ethereum attacks take hours to complete and require the participation of the entire communityCome in, and the Solana hacker can clean your wallet in seconds. Unparalleled user experience.”

Security is a perennial issue.Ethereum has been in operation for many years and has gone through the test of time, and the network has become very mature and stable; while new public chains often develop at a very fast pace, and a huge ecosystem is quickly established within 1-2 years. New technologies and new mechanisms bring aboutMany problems are constantly exposed in practice.

Solana's attack again also shows that the public chain still has a long way to go that has been overlooked by many people on the road to becoming an "Ethereum killer".In terms of security, Ethereum is still our best bet right now.

Business cooperation

Xiaohuang: xiaohuanghuang233

Mango: 19925139144

Recommended reading