Solana, Nomad crypto wallets are hacked, with losses in the tens of millions

Comment

A pair of crypto hacks totaling nearly $200 million in losses and likely affecting more than 10,000 users has sparked concern in an industry already rocked by falling prices.

On Wednesday, Solana, a popular blockchain and token, said some wallets containing its assets had been hacked. At least 7,700 such wallets would be affected, the company said, while London-based blockchain analytics firm Elliptic estimated the amount stolen at $5.2 million in crypto, which includes the tokens. Solana and the stablecoin known as USD.

“An exploit allowed a malicious actor to drain funds from a number of wallets on Solana,” the company said. said through Twitter. “Engineers are currently working with multiple security researchers and ecosystem teams to identify the root cause of the exploit, which is unknown at this time.”

The hack is believed to have taken hold of wallets such as Slope and Phantom. These are “hot wallets”, i.e. wallets that allow ultra-fast transactions because they are always connected to the Internet, as opposed to “cold wallets”, which generally require a USB key and have long disconnection periods. Solana – which at one point had the fifth most popular token before a slide – made a name for itself as a blockchain capable of transferring funds extremely quickly.

The news follows Monday’s revelation from Nomad, a so-called blockchain bridge, which admitted that around $190 million had been withdrawn from it after a hacker infiltrated its system. The attack was known as “free for all” because the hacker’s original code allowed anyone to copy it and steal the crypto for themselves. We don’t know where the money went.

Nomadic said its executives were working with law enforcement and a blockchain data firm called TRM Labs to locate the funds, with no update as of Wednesday afternoon. He said they were working on “investigation/recovery” as well as “technical fixes”.

In an unusual move, the company provided an address early Wednesday for anyone who chose to seize the cash in a noble act of protection.

“Dear hackers and fellow ethical researchers who have protected ETH/ERC-20 tokens, please send funds to the following wallet address on Ethereum,” he said on Twitter. It is unclear if any Good Samaritans accepted the company’s offer.

A blockchain bridge allows consumers to swap crypto from one blockchain to another – say, from bitcoin to ethereum – making it vulnerable to what security experts call “both sides,” the weaknesses of the blockchain. one or the other blockchain. These bridges also tend to be newer and, in some cases, more hastily designed. In March, another blockchain bridge known as Ronin was hacked for amounts totaling over $600 million in crypto.

“To date, approximately $1.8 billion has been stolen from these services and it is concerning that their security standards do not appear to match the enormous assets entrusted to them,” said Tom Robinson, co-founder and scientist in chief of Elliptic. in an email to the Washington Post, referring to the bridges.

Meanwhile, Solana’s case has raised concerns as she has been made vulnerable by factors beyond her control. While some argue that the hack doesn’t show that the foundations of the industry are shaky – “It wasn’t a core blockchain issue, it probably looks like an app someone built was buggy”, crypto mogul Sam Bankman-Fried told Fortune on Wednesday — he pointed out to critics the interdependence of crypto networks and the inability of one party to fully control all the others.

While the hacks involved discrete entities, blockchain bridges and hot wallets also underscore what many crypto enthusiasts say is so appealing about the form: ease of use. The first allows disparate blockchains to communicate — potentially as essential to a coming technological era as, say, people with AT&T and Verizon phone plans who can talk to each other were to an earlier one.

And cold storage, while more secure, would seem to undermine what is at the heart of crypto’s appeal, which is enabling transfers without the delays and waits of traditional banking transactions.

On social media on Wednesday, many showed images of their wallets suddenly showing zero balances, while others questioned the hot wallets. “So you’re telling me that storing all my net worth on a Google Chrome extension would be considered a bad decision?” a commotion wrote of Ghost.

But experts say the problem could be more serious than that. Finding solutions, they note, could mean making sacrifices within the goals envisioned by crypto idealists.

“One of the benefits of opening up the banking system in this way is the speed and reduced impediments to transactions,” said William Callahan III, a former Drug Enforcement Administration special agent who is now director of government affairs. and strategic for a company called the Blockchain Intelligence Group. “But what these hacks show is that we need to take a step back and challenge this idea of ​​accessibility, because speed is also part of the problem. We need to balance speed and security.

Still, Callahan said he believed such a boost was possible. “Blockchain bridges need to increase their protection, while consumers may need to use more cold storage,” he added.

The need for speed might decrease on its own as some people leave cryptocurrency. Bitcoin, a strong barometer of crypto activity, lost 50% of its value in 2022 as investors dumped the asset, although it rebounded from its price below $19,000 in June to hover around $23,000 in recent weeks.

Leave a Comment