Solana’s network problems continue. For over a year there have been persistent network outages. And now, a system hack. Over 8000 wallets and $7 million are affected. Here is one of the hack addresses.
There is a link to a Typeform page to let Solana know you’ve been affected by this hack. What’s going on there? What can we learn from it? Let’s take a look at what happened in Solana.
What Happened in the Latest Solana Hack?
This is how the news of the hack started early evening US time yesterday. At first, people thought it was a Phantom wallet issue. But what’s going on is affecting ALL Solana hot wallets. These include wallets that haven’t been active in 6 months or more. Phantom and Slope wallets are affected most, with SOL and USDC stolen from them.
And then later, ETH too. Some ETH in a Trust Wallet has been stolen as well. In this case, Adam Cochran of Cinneamhain Ventures, a contributor to Yearn Finance, learned that the Trust Wallet ETH was from a wallet that shared its seed with Slope Wallet. Trust Wallet users still have to be careful, but risks are lower there.
The explanation from Emin Gün Sirer, founder of Ava Labs, the team behind Avalanche, describes the likely case here from a technical perspective. Some of the important points in this long, technical thread are:
- Transactions have proper signatures: This means someone who shouldn’t have these wallets’ private keys has them.
- Something in Solana’s programming with nonces (numbers used once and added to an encrypted block) may accidentally reveal the private keys of wallets involved in transactions in that block.
- Only hot wallets are affected.
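One way an analyst could test the nonce hypothesis from the thread against the signatures on the drained wallets' transactions (an added example, not code from the article, the thread, or Solana). It assumes Solana's standard Ed25519 signatures, which are 64 bytes (R followed by S) written in base58; the wallet names and signature bytes below are constructed, and `find_reused_nonces` is a hypothetical helper name.

```python
from collections import defaultdict

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def b58decode(text: str) -> bytes:
    """Decode base58 (Bitcoin alphabet), the text form of a Solana signature."""
    n = 0
    for ch in text:
        n = n * 58 + B58.index(ch)  # ValueError on a character outside the alphabet
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    pad = len(text) - len(text.lstrip("1"))  # each leading '1' is one zero byte
    return b"\x00" * pad + body

def b58encode(raw: bytes) -> str:
    """Inverse of b58decode; used here only to build the constructed samples."""
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, rem = divmod(n, 58)
        out = B58[rem] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\x00"))) + out

def find_reused_nonces(records):
    """records: (signer, base58 signature) pairs. Returns {(signer, R hex): [S hex, ...]}
    where one signer produced the same R with different S values (nonce reuse).
    A single S per (signer, R), including a re-broadcast signature, is normal."""
    seen = defaultdict(set)
    for signer, sig_b58 in records:
        sig = b58decode(sig_b58)
        if len(sig) != 64:
            raise ValueError(f"{signer}: expected 64-byte signature, got {len(sig)}")
        seen[(signer, sig[:32].hex())].add(sig[32:].hex())
    return {key: sorted(s) for key, s in seen.items() if len(s) > 1}

def _sig(r: int, s: int) -> str:
    """Constructed 64-byte value (R || S); not a real, verifiable signature."""
    return b58encode(bytes([r]) * 32 + bytes([s]) * 32)

# Constructed sample records; wallet names are placeholders.
SAMPLE = [
    ("walletA", _sig(0x11, 0x01)),
    ("walletA", _sig(0x11, 0x02)),  # same R, different S: flagged
    ("walletA", _sig(0x11, 0x01)),  # exact duplicate: ignored
    ("walletB", _sig(0x22, 0x01)),
    ("walletB", _sig(0x33, 0x02)),  # distinct R values: clean
]

if __name__ == "__main__":
    for (signer, r_hex), s_vals in find_reused_nonces(SAMPLE).items():
        print(f"{signer}: R={r_hex[:16]}... reused across {len(s_vals)} signatures")
```

An empty result over a wallet's full signature history argues against the nonce explanation for that wallet and points back to key or seed exposure at the wallet software.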
3 Lessons to Protect Your SOL Tokens from This Hack
So what can we learn? And more importantly, what can you do to protect yourself? We have 3 lessons for you.
Lesson #1: Hardware Wallets and CEX wallets are not affected
As you know, we normally don’t recommend CEX wallets and keeping your funds at the exchange unless you are holding your crypto short term and intend to trade with it. So when it comes to Solana, thanks to this exploit, you should hold your short-term holdings in a CEX wallet.
In all cases, hardware wallets and CEXes seem unaffected, so those of you holding your Sol assets on those systems ought to be fine.
— Emin Gün Sirer🔺 (@el33th4xor) August 3, 2022
And for the long term, you should do what we would recommend for any crypto you have and use a quality hardware wallet like Ledger or Trezor. If you haven’t, then move your tokens to a hardware wallet NOW.
Lesson #2: Revoke Permissions
Many of us in DeFi and NFTs use MetaMask and/or other convenient browser-based hot wallets. That makes sense for easy, fast transactions. It also makes these wallets a target for lots of phishing or hacking scams. One way these wallets are convenient and become targets is through features like automatic permissions and auto-signing of transactions.
8/ Here’s a video on how to revoke app access on Phantom
— Kiyomi (104) (@kiyomiwallet) August 3, 2022
To protect your Phantom Wallet holdings, revoke those permissions. Make everything return to manual permissions that you have to approve. Then set up a new wallet just to be safe, so you can move your coins and NFTs to a safer wallet.
Lesson #3: If you need a Hot Wallet, Move Your Coins!
If you need to have your coins accessible in a hot wallet, then move your SOL to MetaMask or Exodus. You should bridge them over just to be safe since SOL hot wallets are compromised.
If you have USDC on SOL, that is at risk too. The easiest thing to do is to bridge it over to another network. Then you remove the risk entirely. We recommend Wormhole or Allbridge, but there are other reputable bridges as long as you can move your SOL and your SPL (Solana Program Library active on SOL network) tokens.
The bottom line is that if you have a SOL hot wallet, you are vulnerable. It looks like the vulnerability is part of the wallet’s creation. That’s why even inactive wallets are affected. But we have 3 things you can do to protect yourself and your tokens and reduce those risks until we know for certain where the hack came from. Stay safe out there.
Unfortunately, this is not the first problem with Solana this year. However, if you follow these recommendations you will be able to protect your SOL.