Solana Blockchain is one of the most popular open source marketplace for digital assets. But something happened to it since it was in the radar of several cyber criminals. An attack was targeted towards it which caused the loopholes in the security system to be exploited.
In count, there were thousands of wallets that were affected by this attack. The attackers succeeded in looting cryptocurrency worth million U.S. Dollars. Well, maybe the security lacking in some places could be the reason for this attack. Let’s hear what the full case was.
About the attack
In this attack, the count of hacked wallets was 7,700. Some popular wallet holders were like Phantom and Slope. Due to the event, Solana starts an investigation just to search for the attackers’ ways to steal the amount. Well, they were too smart to steal the data without any hesitation.
In a report from blockchain analysis, a count of 7,936 wallets were found to be affected by this attack. The amount of loss was $5.2 million worth of Cryptocurrencies, involving NFTs, SOL, and 300 Solana-based Tokens. You won’t find this disturbing yet, well, now you’re going to be.
Not only the above mentioned wallets were gone in the attack but several other wallets such as Solflare and Trust Wallet were in the attack, too.
Users should just consider impacted wallets in this attack as compromised. Furthermore, for security purposes, they should just move to other hardware-based secure substitutes of wallets. E.g. cold wallets that are yet not affected.
Process of the Attack
As per the thought process of the researchers, there could be several ways in which proceeding with this attack was just as normal as anyone could think. Draining wallets via those methods was easy for the attackers.
Authentication Owners are the one who are responsible for signing money-siphoning transactions. It indicates that the cybercriminals may have breached the private keys.
Moreover, the tech was utilized in greed to get access to private keys that could be a supply chain attack. There could be other methods used as follows:
- random number generator utilized in the key generation process
- browser zero-day flaw.
There, another potential reason could be a nonce reuse bug that allows the cybercriminals to restore people’s secret keys, as long as a signature and the nonce are public. But the real deal is that the real adversary has not come into the custody of the police. It might take time but the issue would be resolved in time.
Results and Thoughts
These kinds of attacks have the chance of occurring again, so don’t keep the whole cryptocurrency amounts in a hot wallet. Utilize them only for storing lesser amounts. Moreover, if possible, keep the better parts of the assets in the cold wallet that is advised for the best.
That possibly means that those assets should be disconnected from third-party services and the internet. You might be able to understand the situation of the international market, so you better resolve issues around you in the meantime.
Moreover, for better security, you must acknowledge the consequences of not paying any attention to the security measures while getting any online payment services. Go Smooth, Go Smart!
Kindly read more articles: