The Solana cryptocurrency has had a series of disappointments, the latest to date: a second hack in less than a year confirmed this Wednesday, August 3 by the company on the “Solana Status” Twitter account. Hackers have targeted the Solana ecosystem, draining cryptocurrency funds from thousands of internet-connected “hot” wallets. Such attacks are common among blockchain platforms, but the news is still significant considering Solana has attracted lodges as one of the fastest and cheapest ecosystems for trading digital assets. The exact scale of this attack is not yet known, but according to a communication from Solana, 8,000 wallets were affected.
The hackers, it seems, have managed to steal both Solana’s own crypto (SOL) and some compatible with the Solana blockchain, such as the stablecoin USD Coin (USDC). As the attack is ongoing, the value of the stolen assets is unclear, but reports from independent analysts and security companies like PeckShield estimate losses at $8 million.
The Solana cryptocurrency was to be among the most promising digital tokens in the industry, at the dawn of “Web 3”, NFTs, and its new exchanges in the virtual worlds of the Metaverse. The altcoin (alternative token) SOL was created in 2018 to compete with the successes of bitcoin and its rival ether. In terms of weight in the crypto market still dominated by the Bitcoin protocol (446 billion dollars in valuation), Solana ranks 9th among cryptocurrencies, more than 13 billion dollars in valuation, according to the site Cryptoslate.
Solana has experienced security incidents in the past, including spam and Distributed Denial of Service (DDoS) attacks. At the same time, the company is also taking deposits for the Saga phone, which it says will launch next year with built-in support for decentralized network applications. A first hack involving Solana took place last February between computer protocols for decentralized finance services (DeFi) and digital wallets. The sum of 320 million dollars in total, had finally been recovered following negotiations with the hacker, reported Bloomberg.
Solana’s official Twitter account now says that around 8,000 wallets (up from 7,767 previously) appear to have been affected by the attack, including those operated by third parties, Phantom and Slope. The company did not explain the cause of the attack, but noted that there was no evidence that hardware wallets (those not connected to the internet) were affected.
In a tweet, the company’s status update states: This does not appear to be a bug in Solana’s core code, but software used by several popular software wallets among network users.
On Twitter, however, Solana co-founder Anatoly Yakovenko went into a bit more detail, suggesting that the hack appeared to be a supply chain attack targeting both iOS and Android apps (meaning the attackers exploited some weakness in connected apps or browser extensions). The transactions are signed with the users’ private keys, which suggests that the attackers have somehow compromised the seed phrase that is used to secure their wallets.
Priority security measures to take
A transfer of your funds to cold storage
Repatriate your funds to cold storage. After verifying that your wallet has not been affected by the hack, transferring your funds to cold storage might prove to be a good idea. Indeed, elements that date back to the present time, hacking does not seem to concern cold storage (hardware wallet). So, if you have a Ledger, NGrave or Trezor key, take a few minutes to repatriate your assets.
Transfer your funds on a centralized trusted platform
If you don’t have a cold wallet, a temporary solution could be to transfer your tokens to a centralized exchange (CEX) like Binance or FTX. Even if some will find fault with it, delegating the conservation and security of your assets to a well-reputed player for a time will allow you to wait more calmly for the storm to pass.
Terminate all access permissions to your browser wallet
Revoke the access authorizations to your wallets. Consider terminating all access permissions to your browser wallet. These often remain open after an NFT mint or an interaction with a smart contract. These are the perfect paths to access your funds. You will find the tool allowing the lifting of these authorizations in the parameters of your wallet.
Be careful on social networks
Moments of stress and worry make you more vulnerable and if you escape the main hack, make sure you don’t fall into the ambush of those who will try to impersonate a customer service, or a consulting company, to access your funds. , the favor of ambient stress. Outside networks and official sites, do not take anyone’s word for it, especially on social networks, and never entrust strategic information to anyone, such as a private key or password, for example.
Source : Twitter
And you?
What is your opinion on the subject?
See as well :
Wormhole gets $320 million worth of ether stolen and offers hackers a $10 million bounty in exchange for stolen funds and details of exploited vulnerability
Cybersecurity expert awarded $2 million for patching major flaw in Optimism that allegedly allowed continued illegal creation of ETH tokens
Qubit Finance gets $80 million in crypto stolen and offers hacker $250,000 bounty in exchange for stolen funds
Hacker stole over $600 million from Ronin, the blockchain behind NFT game Axie Infinity, making it the biggest attack on a decentralized finance platform