$8M Solana Hack: A Cautionary Tale About the Dangers of Crypto Hot Wallets


At this point, it’s tempting to say, “Another day, another massive crypto hack.”

But this one’s different.

While the sum involved is relatively small, an estimated $8 million compared to the $190 million drained from the Nomad cross-chain payments bridge on Monday (Aug. 1), the problem isn’t a flaw in a single platform’s code, but a broad compromise of thousands of individuals’ digital wallets.


That’s very different, and very concerning. Crypto wallets can be complex, and those connected to the internet full time, known as hot wallets, keep the private keys on a device an attacker can reach, which makes them the riskier kind. But their weaknesses are generally exploited one victim at a time, with cybercriminals using phishing that tricks people into handing over access via a fake link or fraudulent offer, as well as malware and man-in-the-middle attacks.

All of the affected wallets are on Solana, a prominent “Ethereum killer” smart contract blockchain, and they span several major hot wallets, including the most popular one on Solana, Phantom, as well as Slope and Trust Wallet.


What’s more concerning in some ways is that no one knows how the thefts, which are reportedly ongoing, are happening. Generally, hacks are spotted within a few hours, or even minutes, as individuals and blockchain security companies monitoring on-chain activity notice unusual and suspicious transfers. This one began on Tuesday (Aug. 2) evening and was apparently still underway on Wednesday (Aug. 3).

Usually, as in the case of Nomad, someone quickly figures out how the attacker exploited a flaw in the project’s code to clean it out. In this case, however, even the experts haven’t been able to determine how as many as 8,000 hot wallets were drained.

Wallet Woes

Solana co-founder Anatoly Yakovenko speculated on Twitter that the problem appears to be a supply chain attack involving the hot wallet apps that run on iOS and Android.

The problem may lie in the “seed phrase” that both hot wallets and cold wallets (hardware wallets that keep the keys on an offline device) generate when they are first set up. The phrase encodes the master secret from which every key in the wallet is derived, so a user who loses access to a device can regenerate the keys, and regain the funds, from the phrase alone. The flip side is that anyone else who obtains the phrase can do exactly the same thing.

These are typically 12 to 24 words (25 in some schemes) drawn from a fixed wordlist, and they exist to keep people out of the position of Stefan Thomas, an early crypto enthusiast who has 7,002 bitcoins, currently worth about $160 million, locked on an encrypted USB drive that will permanently lock itself after two more wrong password guesses, out of 10 allowed.


Yakovenko said one common factor is that the affected wallets’ seed phrases had either been generated on or imported into smartphone apps, the devices holding the keys that were drained.
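To make concrete why a phrase that has been exposed on a phone is the whole game, here is an added example (not code from the article, from Solana, or from any of the wallets named) that reproduces the two standard steps a wallet performs after the words are entered: turning a BIP39 mnemonic into a 64-byte seed with PBKDF2-HMAC-SHA512 (2,048 rounds, salt "mnemonic" plus optional passphrase), and deriving an ed25519 account key from that seed with SLIP-0010 along the path m/44'/501'/0'/0' that most Solana wallets use (the path is an assumption for this example; wallets differ). The mnemonic is the standard all-"abandon" BIP39 test phrase, used here as constructed input only; wordlist and checksum validation of the mnemonic are omitted. Every byte below is computed from the words alone, which is exactly why whoever reads them off a device controls the account.

```python
import hashlib
import hmac
import struct
import unicodedata

HARDENED_OFFSET = 0x80000000

# Assumed path for the first Solana account (BIP44 coin type 501). Phantom and
# several other wallets use this; confirm against your own wallet's documentation.
SOLANA_PATH = "m/44'/501'/{account}'/0'"


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39 mnemonic -> 64-byte seed: PBKDF2-HMAC-SHA512, 2048 rounds,
    salt = "mnemonic" + passphrase, both NFKD-normalised.

    Wordlist membership and the checksum bits are NOT validated here; a real
    wallet must reject an invalid mnemonic before reaching this step.
    """
    words = unicodedata.normalize("NFKD", " ".join(mnemonic.split())).encode("utf-8")
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", words, salt, 2048, dklen=64)


def slip10_ed25519_master(seed: bytes):
    """SLIP-0010 master node for ed25519: HMAC-SHA512 keyed with b"ed25519 seed".
    Returns (private_key, chain_code)."""
    digest = hmac.new(b"ed25519 seed", seed, hashlib.sha512).digest()
    return digest[:32], digest[32:]


def slip10_ed25519_child(key: bytes, chain_code: bytes, index: int):
    """One hardened derivation step. SLIP-0010 defines only hardened children
    for ed25519, so a non-hardened index is an error rather than a silent fallback."""
    if index < HARDENED_OFFSET:
        raise ValueError("ed25519 SLIP-0010 derivation requires hardened indices")
    data = b"\x00" + key + struct.pack(">I", index)
    digest = hmac.new(chain_code, data, hashlib.sha512).digest()
    return digest[:32], digest[32:]


def derive_private_key(seed: bytes, path: str) -> bytes:
    """Walk a BIP32-style path such as m/44'/501'/0'/0' from the seed and return
    the 32-byte ed25519 private key at the leaf."""
    key, chain_code = slip10_ed25519_master(seed)
    for part in path.split("/")[1:]:
        index = int(part.rstrip("'"))
        if part.endswith("'"):
            index += HARDENED_OFFSET
        key, chain_code = slip10_ed25519_child(key, chain_code, index)
    return key


def solana_account_key(mnemonic: str, passphrase: str = "", account: int = 0) -> bytes:
    """Everything a thief needs: the words (and passphrase, if any) fully determine
    the account's signing key. No device secret is involved."""
    seed = bip39_seed(mnemonic, passphrase)
    return derive_private_key(seed, SOLANA_PATH.format(account=account))


# Constructed input: the public all-"abandon" BIP39 test mnemonic. Never fund it.
DEMO_MNEMONIC = " ".join(["abandon"] * 11 + ["about"])

if __name__ == "__main__":
    print("seed       :", bip39_seed(DEMO_MNEMONIC, "TREZOR").hex())
    print("account 0  :", solana_account_key(DEMO_MNEMONIC).hex())
    print("account 1  :", solana_account_key(DEMO_MNEMONIC, account=1).hex())
    print("w/ passphr.:", solana_account_key(DEMO_MNEMONIC, "correct horse").hex())
```

Two things worth noticing when running it: the output is bit-for-bit identical on any machine, so a phrase copied out of an app's logs, backups or clipboard is as good as the phrase on the user's screen; and the optional BIP39 passphrase is the only input that changes the result, which is why it has to be stored separately from the words if it is to limit the damage of a leaked phrase.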

Which raises a basic question: Why use a software hot wallet at all?

Well, the answer is convenience. A hardware cold wallet is a lot safer: it is “air gapped,” or offline, until you want to make a transaction, and even then it signs the transaction internally, so the private key never leaves the device or touches the phone or computer it is plugged into. If you trade a lot, keeping your crypto in a mobile-based hot wallet is a lot easier than physically connecting a cold one to a computer or smartphone. And people are a lot less likely to misplace smartphones.

Hot wallets also tend to be free or inexpensive, whereas a decent cold wallet will set you back $50 to $200.

One common type of hot wallet is the custodial account at a cryptocurrency exchange, which can be very user friendly but means the exchange, not the customer, holds the private keys. Even so, all of those exchanges warn customers not only to protect their account with two-factor authentication, but to keep any crypto they aren’t actively trading offline, in a cold wallet.
