No doubt blockchain technology is bringing innovation and convenience to us, it is also at the same time a big automated cash machine to the hackers. Too often we have heard the news about this chain being hacked, that crypto being exploited and if only one day there was no more hacking, it would truly be the major headlines. Yet again, another crypto hack happened this week – a Solana-based crypto wallet was compromised. The total amount of US dollars hacked wasn’t that much compared with those major exploits, but it is scary enough to make users think twice before using Solana-based apps again.
On August 3, many users tweeted that their crypto assets in Phantom wallet, another Solana-based crypto wallet, were transferred without notice. It was very confusing at first as many of them had never granted approval to any site or signed any transaction before the hack. People started thinking if Solana’s blockchain has been compromised. A day later, turned out that Slope Finance’s wallet is the one to blame. It was neither the fault of approval nor transaction but seed phrase leakage. The exploit was figured out by the Solana developers that while Slope users download and install the app on their mobile phones (both iOS and Android), the mobile app itself would trigger an event log and upload it to the event logging platform ‘Sentry’. Everything is uploaded without censorship, so does the seed phrase. If the Slope user turns out to be using the same seed phrase of his/her Phantom wallet, then both of the wallets are compromised at the same time.
The event log that contains wallet’s seed phrase was uploaded to Sentry. Source: @Zellic_io & @sniko_
According to the findings of blockchain auditing firm Zellic, Slope has only been using Sentry services for one week until the attack happened. Those event logs that uploaded to Sentry are not publicly disclosed, thus whoever has the access to Sentry, is able to go through all of them and perform the trick. This means the culprit is most likely the insider of Slope or Sentry. In Solana Foundation’s words, "This does not appear to be a bug with Solana core code, but in software used by several software wallets popular among users of the network." Well, it’s not Solana’s fault, next one.
Solana developers’ statement. Source: @SolanaStatus
This case happened a half year ago, back in February 2022, the Wormhole network was exploited for 120k wrapped ETH which was worth US$312 million during then. Wormhole is a DeFi platform that acts as a token bridge binding several high-value chains. A blockchain bridge is a protocol connecting two or more different blockchains, providing convenience to all of us crypto users for swapping crypto cross-chain, however, it is also pretty exploitable as well. The developers need to write several smart contracts for each chain available on the bridge. In this case, there was one smart contract on Solana and one on Ethereum, while the hack occurred on Solana’s side. Without getting too much into technical details, in short, the hacker exploited Wormhole’s Solana smart contract, minted 120k wrapped ETH on Solana blockchain and then redeemed 93,750 of it onto the Ethereum network. Again, we can see clearly the fault was on the developers. The same goes for Slope’s case too.
The wallet address that holds the Wormhole’s hacked wETH, is still sitting on it, probably waiting for the best chance to cash out. Source:
https://etherscan.io/address/0x629e7da20197a5429d30da36e77d06cdf796b71a
Apparently, like what the Solana Foundation has said, the Solana core code is running well, but the developers are not. Compare to the 7-year-old veteran Ethereum, Solana which was launched only in March 2020, is still considered ‘fresh’ to most of the developers out there. While I can only read Ethereum smart contracts at best, what I understand from the blockchain experts is that Solana smart contracts act differently from ordinary smart contracts. So, if the developers do not have enough Solana smart contract coding experience, the end product will probably blow up somehow, somewhere. It is understandable to support new innovations in the blockchain space, but if you are just a small investor like me, aren’t there better projects to support instead of the one that keeps giving you unnecessary surprises out of nowhere?
Written by: [Coinlive] Nell
Yuga Labs won a legal victory over Ripps and Cahen, who must pay $9M and transfer all related NFTs and intellectual property, setting a significant precedent in NFT copyright law.
WeiliangFTX seeks rapid sale of its 7.84% Anthropic stake, aiming to maximize creditor returns as part of its financial recovery strategy under new management.
MiyukiEligio Regalado, a Denver pastor, faces accusations of misusing $1.3M in a cryptocurrency scam, preaching amid legal woes, and asserting divine guidance in financial dealings.
AlexThe Kenosha Police warn against a new Bitcoin ATM scam, urging vigilance against identity theft tactics and stressing the importance of skepticism towards unsolicited financial directives.
BrianSteve Christie returns as DCCO to Binance, strategizing compliance amidst heavy U.S. regulatory settlements and industry challenges.
BrianBinance faces alleged data breach claims on the dark web, highlighting the critical, ongoing challenges of digital security and the importance of robust protective measures in the cryptocurrency sector.
WeiliangElderly women sue JPMorgan Chase, claiming the bank failed to prevent a $2.2 million scam, spotlighting the urgent need for better protection against elder financial fraud.
MiyukiFarcaster's user base surged 400% with the introduction of frames in Warpcast, revolutionizing user interaction and setting new standards in the decentralized social media landscape.
AlexIn a high-stakes legal showdown, the UK High Court delves into the mystery of Bitcoin's creator as the Crypto Open Patent Alliance challenges Craig Wright's bold claims. With a rejected settlement offer adding drama, the courtroom spectacle unfolds, promising a thrilling saga of legal battles and the quest to unveil the true identity behind Satoshi.
JoyBithumb slashes fees and expands Maker Rewards, offering luxury benefits to black level members, setting new industry standards for value and service.
Brian