Web3 Daily

View Original

What happened with the $6 million Solana hack*?

Oh damn! Another hack?

Weirdly enough, this one was similar to yesterday's - it came from a bridging protocol.

(Which is crypto talk for a currency exchange provider - it converts one cryptocurrency into another).

It looks like it wasn't the Solana (SOL) blockchain itself that was hacked, but the Phantom, TrustWallet and Slope hot wallets.

(Which had Solana tokens stolen from them).

So to call it a Solana hack might be a bit of a stretch - that'd be like calling a 'bank heist' a 'USD heist.'

...should we change our headline? We'll put an asterisk in there, how's that? (*)

Here's the real world equivalent of what happened:

Any wallet that was connected to Slope became vulnerable, because they kept user's seed phrases (or passwords) in plain text formats on their centralized servers - which were hacked.

That's like a bank employee leaving their computer's login details on a post-it note, stuck to their monitor.

All someone would need to do is figure out how to get into their office, and then BOOM! They'd have access to all of the bank's customer accounts, and would be able to transfer the money wherever they wanted.

That's what happened with the Slope servers.

All told, at the time of this writing, $6 million worth of Solana was stolen.

So what's the takeaway?

  1. Don't keep the bulk of your holdings on a hot wallet (i.e. a wallet that is connected to the internet at all times).

  2. Instead, use a hard wallet to shoulder that burden (they can be connected to the internet, but aren't by default).

If you need a hard wallet, we're shilling them down below.

(How convenient).

READ MORE