Solana, Nomad Crypto Wallets Hacked, Losing Tens of Millions

Comment

A pair of crypto hacks totaling nearly $200 million in losses and likely affecting more than 10,000 users has raised concerns in an industry already unsettled by falling prices.

On Wednesday, Solana, a popular blockchain and token chain, said some wallets containing its assets had been breached. At least 7,700 of these wallets are believed to be affected, the company said, while London-based blockchain analytics firm Elliptic put the amount stolen at $5.2 million in cryptocurrency, which includes cryptocurrency tokens. Solana and the stable coin known as USD.

“An exploit allowed a malicious actor to drain funds from various wallets on Solana,” the company said. said via Twitter. “Engineers are currently working with various security researchers and ecosystem teams to identify the root cause of the exploit, which is unknown at this time.”

The hack is believed to have taken over wallets like Slope and Phantom. These are “hot wallets”, that is, wallets that allow ultra-fast transactions because they are always connected to the Internet, as opposed to “cold wallets”, which usually require a USB drive and have long periods of disconnection. Solana, which at one point had the fifth most popular token before a slide, has made a name for itself as a blockchain that can transfer funds extremely quickly.

The news follows Monday’s revelation from Nomad, a so-called blockchain bridge, which acknowledged that around $190 million was taken from it after a hacker infiltrated its system. The attack became known as “round robin”, because the hacker’s original code allowed anyone to copy it and steal the crypto for themselves. It is not known where the money went.

Nomadic said its executives were working with police and a blockchain data firm called TRM Labs to locate the funds, with no update as of Wednesday afternoon. He said they were working on “investigation/recovery” as well as “technical fixes.”

In an unusual move, the company early Wednesday provided an address for anyone who might have chosen to take the money in a noble act of protection.

“Dear white hat hackers and ethical investigator friends who have been safeguarding ETH/ERC-20 tokens, please send the funds to the following ethereum wallet address,” he said on Twitter. It is not known if any Good Samaritans accepted the company’s offer.

A blockchain bridge allows consumers to exchange cryptocurrencies from one blockchain to another, for example from bitcoin to ethereum, making them vulnerable to what security experts call “both sides,” weaknesses in either. the block chains. These bridges also tend to be newer and in some cases more hastily designed. In March, another blockchain bridge known as Ronin was hacked for amounts totaling more than $600 million in cryptocurrency.

“To date, approximately $1.8 billion has been stolen from these services and it is concerning that their security standards do not appear to match the massive amounts of capital entrusted to them,” said Tom Robinson, co-founder and chief scientist at Elliptic. in an email to The Washington Post, referring to the bridges.

Meanwhile, the Solana case has raised concern because it was compromised by factors beyond its control. While some argue that the hack doesn’t show that any of the industry’s foundations are shaky: “This wasn’t a core blockchain problem, it probably looks like an app that someone created was buggy,” the cryptocurrency mogul said. crypto Sam Bankman-Fried to Fortune on Wednesday. he singled out critics for the interconnectedness of crypto networks and the inability of one party to fully examine all the others.

While the hacks involved discreet entities, blockchain bridges and hot wallets also underscore what many crypto enthusiasts say is so appealing about the form: ease of use. The former allows disparate blockchains to communicate, potentially as essential to the next tech age as, say, people with AT&T and Verizon phone plans being able to talk to each other were to a previous one.

And cold storage, while more secure, seems to undermine what lies at the heart of cryptocurrency’s appeal, which is allowing transfers without the delays and waits of traditional banking transactions.

On social media Wednesday, many showed images of their wallets suddenly displaying zero balances, while others questioned the hot wallets. “So you’re telling me that storing my entire net worth in a Google Chrome extension would be considered a bad move?” a movement wrote of Ghost.

But experts say the problem may be more serious than that. Finding solutions, they point out, could mean making sacrifices within the goals envisioned by crypto idealists.

“One of the advantages of opening up the banking system in this way is speed and lower barriers to transactions,” said William Callahan III, a former Drug Enforcement Administration special agent who now serves as director of government affairs. and strategic for a company called The Blockchain Intelligence Group. “But what these hacks show is that we need to step back and question that idea of ​​accessibility, as speed is also part of the problem. We need to balance speed with safety.”

Still, Callahan said, he believed such a reinforcement was possible. “Blockchain bridges need to increase their protection, while consumers may need to use more cold storage,” he added.

The need for speed could be diminishing on its own as some people leave cryptocurrencies. Bitcoin, a strong barometer of crypto activity, has lost 50 percent of its value in 2022 as investors dumped the asset, though it has seen a rebound from its sub-$19,000 price in June to around $23. 000 in the last few weeks.

Leave a Comment