Last week, millions of dollars were hacked from Solana’s (CRYPTO: SOL) ecosystem. While its blockchain wasn’t hacked directly, hackers were able to drain funds from Solana wallets.
It’s still unclear exactly how the hackers were able to access the funds, but it appears that they were able to do so by uncovering users’ private keys. Private keys are stored by users to keep their digital assets secure and the keys give access to send and use these digital assets.
What Happened: Benzinga chatted with Polkadot (CRYPTO: DOT) Ambassador Bryan Chen about the Solana wallet hack and how to prevent hacks like this from happening. Chen is also the founder of the Acala Network, which is part of Polkadot.
One unique aspect about Polkadot is Kusama, its financially driven network that acts similarly to a testnet before going live on Polkadot’s mainnet.
Chen explained what happened to Solana. “The full picture of this is still not clear. This is a private key leaking issue instead of a smart contract or protocol bug. Exploiters were able to use stolen private keys to generate valid transactions to transfer assets from the victim’s accounts,” Chen said.
“People have identified that Slope is leaking user seed phrases in plaintext to external analytic services which are responsible for around 30% of the stolen accounts. How the remaining ones are still being exploited is an unsolved mystery. People are suspecting this could be related to insecure upstream dependencies used by mobile wallets.”
Hiro Systems Chief Technology Officer Diwaker Gupta added some context. Gupta leads the development of Hiro, a developer tooling kit to build apps on Bitcoin’s (CRYPTO: BTC) blockchain.
Gupta said other Solana wallets may be affected by the hack if the same private keys were used.
“What’s known so far is that the Slope wallet was logging public keys that made their way into a third-party system (Sentry). Someone likely got …
Full story available on Benzinga.com