The incident has brought up numerous concerns regarding the security provided by both the Solana network and "hot" wallets, which are fairly popular with the typical crypto investor, with cryptocurrency assets worth more than $8 million taken from about 8,000 people.
Cause of Solana attack unknown
While Solana's Twitter account was quick to point out that the attack was not caused by a software compromise on the network, it also stated that its team of engineers was assiduously working with security researchers and ecosystem teams to determine the cause of this wallet attack.
According to preliminary investigations, hardware wallets used by Slope were safe from this issue because they only affected the Slope wallet on the Solana ecosystem.
According to Solana, impacted wallet addresses had their private key information sent to an application monitoring service at some point when they were generated, imported, or used in Slope mobile wallet programs.
Solana has already urged investors affected by the attack to abandon the affected wallets as they could still be compromised even after revoking wallet approvals. While the exact modus operandi employed is still unknown, crypto industry leaders have highlighted that the suspect transactions were properly signed, further indicating that it could be a supply chain attack with a specific focus on Slope ‘hot’ wallet users.
Applications, and devices can be hacked
Applications (software) and devices can be hacked. Since private keys are stored in application and device wallets, hackers can access them and steal your cryptocurrency and that sums up the Solana hack.
And if your wallet has been compromised, it’s paramount that you transfer any existing funds from your compromised wallet to another wallet.
Hackers will wipe your account of funds immediately, but if you're lucky and they have not done this yet, it's time for investors to take immediate action.
Investors should opt for cold wallets
Most hacks happen to hit hot wallets and investors should therefore opt for cold wallets instead
While investors may need some of it online for transactions, they should keep what they need in the short term and store most of it offline. A cold crypto wallet, which is similar in size to a USB device, holds a private key that can be used to access your funds. Investors can set their own private keys as well.
Investors should also use Multi-Factor Authentication (MFA) as this creates a layered defense on their account with independent credentials based on a password, security token, and/or biometrics.
Phishing is another danger and to avoid phishing, investors should never log in to their cryptocurrency exchange unless they are sure they are on the correct site.
Do not trust texts, emails
Additionally, investors should not trust texts, emails or chats that ask for your personal information. Avoiding public WiFi is also a great idea as is updating your software from time to time. Regularly changing the passwords is great as well. Change the password regularly and use a password manager like LastPass or 1Password."
As Solana continues to work with Slope Finance in conjunction with their partners OtterSec and SlowMist to restore normalcy, this incident again serves to highlight the vulnerability of ‘hot’ wallets to cyber-attacks, despite the faster transaction times offered by them.
Comprising the entire collection of web-based, mobile, and desktop wallets available today, ‘hot’ wallets should be used in conjunction with ‘cold’ or hardware wallets to strike the perfect balance between speed, functionality, and security.
For those actively trading in crypto tokens and other crypto assets, it is recommended to hold trading funds in a ‘hot’ wallet, while the bulk of their crypto holdings remain secure in a ‘cold’ or hardware wallet.
Stealing from hardware wallets near impossible
Designed to be immune to hacking, hardware wallets need to be plugged into a computer or accessed via Bluetooth and the signing of transactions is done “in-device". Since a user’s private keys never leave the device, stealing funds from a hardware wallet is an almost impossible task for malicious cyber entities.
Costing between $50 to a few hundred dollars, the security offered by these hardware wallets more than compensates for the one-time costs involved and is highly recommended for all crypto investors out there.
