The crypto world has just been hit with not one, but two major hacks that altogether drained hundreds of millions from real owners to hackers. One of the two has to do with Nomad Bridge, while the other is the ongoing attack on Solana-based wallets. If you want to know more about the former check out our Twitter thread that explains everything you need to know about it, given that the focal point of this article is going to be the Solana wallets hack.
If you aren’t a complete crypto newbie, you’re already familiar with the saying: ‘Not your keys, not your crypto’. These words have become almost a mantra in the crypto community, which shows that crypto fanatics are well aware of potential dangers that surround keeping your funds at exchanges. The next thing about security that is also pretty well-known, is that bridges, despite being crucial for scaling and therefore further adoption, pose an immense security threat. On the other hand, everyone seemed to believe that wallets are the way to keep your funds SAFU.
Having witnessed Solana-based wallets hack, some investors might be wondering whether wallets still represent a safe haven for crypto storage. This is a legit concern to have. The aim of this article is to clear up any misunderstanding. In addition to answering a question ‘What happened?’, the article will also provide an answer to the question ‘How can I make sure I’m safe from similar hacks?’ so you know what to do, to stay safe from similar hacks that could happen in the future.
What happened (or rather what is happening) with the Solana-based wallets hack?
Just a day after around $200 millions went missing from the Nomad crypto bridge hack, the crypto world woke up to another devastating news. This time it was the Solana ecosystem, which got compromised. The ongoing attack drained funds from over 8,000 unique Solana wallets, such as Phantom, Slope and TrustWallet.
Engineers continue to investigate the root cause of an incident, which isn’t yet confirmed. The exploit probably came as a result of a so-called ‘supply chain attack’. What is that? The term usually refers to the cyber attack that targets the least secure elements (this time it was a third-party in the supply chain). It looks like the hackers attacked the Javascript library and managed to obtain users’ private keys, which enabled them to validate transactions and transfer funds to their wallets.
How can I make sure I’m safe from similar hacks that might happen in the future?
If you want to know how to prevent hackers from getting access to your funds in a similar fashion, you need to get informed about what the wallets that got compromised have in common. All of the confirmed cases had the private key imported or generated on a mobile phone. While millions were drained from hot wallets, no hardware wallets have been affected. This shows that wallets are still a safe way to store your funds. You just need to know which type of wallet to use if security is your utmost priority.
Since you can choose among cold (not connected to the web) or hot wallet (connected to the web and therefore to some degree vulnerable to online attacks), the former is your go-to option when you put security above everything. Since stealing from a cold wallet usually requires physical possession of the cold wallet, as well as any associated PINs or passwords that are necessary to get access to funds, chances of you losing control of your assets are practically non-existent (if you take good care of confidential info, as well as physical wallet).
Why do people even use hot wallets then?
Crypto wallets are a double-edged sword, just like everything in the world. Although cold wallets on the one hand offer utmost security, the fact that they’re not connected to the internet, makes them less convenient. They are designed to be immune to hacking, but this security comes with a price in the form of higher prices (since these are physical wallets), as well as lowered practicality (they must first be powered on and then connected to the internet).
Because each wallet type has pros and cons, we suggest using a combination of both. Given that hot wallets are more easily accessible, you might want to keep small sums of money on it (or them). Small enough so you aren’t vastly affected in case it gets compromised, while big enough so you can carry out your day-to-day transactions. Meanwhile, the majority of your holdings should be stored in a cold wallet, safe from any external attacks. Striking the right balance between the two, gets you the best out of both worlds.
Conclusion
Our hearts of NWC team members go out to everybody affected by this cyber crime. We are keeping our fingers crossed that justice will eventually prevail. Meanwhile it is important to point out that people who got their funds stolen aren’t the only ones negatively affected by such attacks (not to downplay the importance of a situation). Since they undermine people’s confidence in the crypto space, they negatively impact each one of us (that is a part of the crypto community).
In this blog, we’ve already used the expression ‘double-edged sword’. On a positive note, attacks of this kind can also be a double-edged sword. In addition to all the pain they inflict on its victims, they also have favorable consequences. Such ‘incidents’ inspire evolutionary development that eventually makes sure companies that don’t have proper security measures lose users and go out of business, making the digital currency space safer in the long-run.
