What happened to Solana during the recent hack?

Here are the possible causes, and how other crypto projects reacted

In the late evening of Tuesday, the 3rd of August 2022, several wallets on the Solana network were hacked. The attack lasted several hours and its main target was the most popular hot wallet in the Solana ecosystem: the Phantom wallet. Hackers allegedly took possession of the private keys of some users. It was later reported that the hack may have originated from Slope, another Solana wallet. Although this attack was a blow to the network, the blockchain itself was not damaged and continues to function. Many engineers and developers, including from other blockchain projects, are working together to understand what happened to Solana during the hack and what the real cause of the attack was.

Did the hack compromise Solana’s blockchain?

Small spoiler: no. The attack targeted Solana’s browser wallets, in particular those that had been inactive for more than six months. These include Phantom, Slope, Solflare and Trust Wallet. The attack would appear to be linked to a vulnerability in online wallets that compromised users’ private keys. In fact, if we look at Solana’s blockchain explorer, Solscan.io, the transactions appear to be signed by the ‘real’ owners.

Not only were SOL tokens stolen, but also other cryptocurrencies and tokens. The USDC stablecoin was affected in particular, and the stolen amount appears to be higher than that of SOL. The good news? Funds held on cold wallets and on exchanges such as Young Platform were not affected by the attack. In short, the hack did not compromise Solana’s blockchain, but it did compromise several hot wallets.

How to protect yourself from attacks: differences between cold and hot wallets

The issue of security is central, especially when interacting with DeFi protocols as in this case. As a user, it is essential to know all the available wallet options and their specificities. Each type of wallet has both strengths and weaknesses. For instance, self-custodial wallets are wallets in which private keys are managed entirely by users. They can be hot wallets or cold wallets. A hot wallet is ready for use on any Dapp as it is always connected to the Internet. The convenience of having an always-online wallet is offset by a lower degree of security than other wallet types. Hot wallets are either browser extensions or desktop and smartphone applications and, if not kept offline, they are vulnerable to viruses or attacks. Some examples of this type of wallet are MetaMask, Trust Wallet and the targets of the recent hack.

The other type of self-custodial wallet, the cold wallet, is more like a safe. While cold wallets are somewhat more cumbersome to use, they are also more secure. They are only connected to the internet while the holder wants to use their contents. Once the transaction has been sent, the wallet is disconnected both from the network and from other devices and is thus again safe from potential online attacks. If you want to learn more about the pros and cons of all the wallets out there, check out the dedicated Young Academy article.

Statements from Solana’s most famous Dapps

Solana’s most famous Dapps were quick to speak out about the recent hack. Magic Eden, the main NFT marketplace, just announced yesterday that it would become cross-chain, starting to also accept offers in Ethereum for NFT collections. While the hack was underway, they reiterated the procedure to follow in order to avoid losing your tokens.

In summary, the NFT marketplace recommended creating a new Solana wallet and transferring your NFTs there first, and then your crypto. This advice is to be taken of course if a cold wallet is not at your immediate disposal.

In the hours following the attack, the Phantom team informed the community that they were working closely with the Solana team and other protocols. What is their objective? To understand what happened and why Solana’s wallets were hacked. The blockchain company also stated that it did not believe it was a Phantom-specific problem. On Twitter, the wallet company stated: ‘Phantom has reason to believe that the reported exploits are due to complications related to importing accounts to and from Slope. We are still actively working to identify if there were other vulnerabilities that contributed to this incident.’

Emin Gün Sirer, CEO and founder of Ava Labs, also commented on the Solana wallet hack. In a thread posted on his Twitter profile, he offered his community some insight to help understand and explain what happened, reassuring those who held funds on centralised exchanges and cold wallets. Finally, he expressed solidarity with those affected by the hack.

We await new developments and information regarding the hacking attack on Solana’s wallets. Please check our blog for updates on this issue.