Skip to content

New investigation uncovers why Solana may not be solely liable for the wallets hack

The cryptocurrency community is still coming to terms with the Solana (SOL)  software wallets hack that has resulted in the loss of at least $4.5 million. The initial probe indicates that the hack is due to an exploit in specific wallets, including Slope and Phantom. 

After the hack, Solana developers indicated that they had identified the root cause of the exploit as compromised private keys “created, imported, or used in Slope mobile wallet applications.”

Although a section of the community has blamed the hack on Solana, a new analysis of the exploit appears to absolve the network of any responsibility. 

In a series of tweets on August 3, Web 3.0 powered by blockchain technology, Point Network noted the first sign why Solana is not to blame is because only two network wallets were affected. The analysis continued to break down what happened on the wallets alluding that weak decentralized two-factor authentication might be the main reason. 

Solana unable to distinguish real and fake users 

According to the analysis, it appears a third party accessed the private keys, and in this case, Solana has no means to distinguish between real and fake owners. 

“Essentially, the root of the problem is that the Solana network has no way to distinguish between a real and a fake owner, to only allow the real owner to access the refund,” Point Network said. 

Furthermore, Point Network noted that the exploit could also be executed through multi signatures and hardware wallets, but the approach is highly unlikely. Interestingly, Solana also confirmed on August 3 that there is no evidence hardware wallets on the network were affected. 

However, Point Network also ruled out exploiting the vault wallet because of the timelock feature that sets a specific timeframe for confirming the transactions. Due to the live feature of the wallets, the attacker can abandon stealing the funds since the real holder can cancel the transaction and send them back to the vault. 

The researchers mentioned that if the transactions are uncontested, they will get confirmed without needing keys. 

Any network can be affected 

Ultimately, the analysis concluded that such an attack could affect any network, not only Solana. 

“This would work not just in a global situation where thousands of wallets are somehow affected, but in a normal setting too if your private key accidentally leaks or your device gets compromised. And this can work for *all* networks, not just Solana,” Point Network added.

Notably, the assertion aligns with Phantom’s take, maintaining that it “does not believe this is a Phantom-specific issue.” 

Although details of the hack remain primarily unclear, Solana noted that approximately 7,767 wallets had been affected, targeting both mobile wallets and browser extensions.

Best Crypto Exchange for Intermediate Traders and Investors

  • Invest in cryptocurrencies and 3,000+ other assets including stocks and precious metals.

  • 0% commission on stocks - buy in bulk or just a fraction from as little as $10. Other fees apply. For more information, visit etoro.com/trading/fees.

  • Copy top-performing traders in real time, automatically.

  • eToro USA is registered with FINRA for securities trading.

30+ million Users
Securities trading offered by eToro USA Securities, Inc. (“the BD”), member of FINRA and SIPC. Cryptocurrency offered by eToro USA LLC (“the MSB”) (NMLS: 1769299) and is not FDIC or SIPC insured. Investing involves risk, and content is provided for educational purposes only, does not imply a recommendation, and is not a guarantee of future performance. Finbold.com is not an affiliate and may be compensated if you access certain products or services offered by the MSB and/or the BD

Read Next:

Finance Digest

By subscribing you agree with Finbold T&C’s & Privacy Policy

Related posts

Sign Up

or

By submitting my information, I agree to the Privacy Policy and Terms of Service.

Already have an account? Sign In

Services

Disclaimer: The information on this website is for general informational and educational purposes only and does not constitute financial, legal, tax, or investment advice. This site does not make any financial promotions, and all content is strictly informational. By using this site, you agree to our full disclaimer and terms of use. For more information, please read our complete Global Disclaimer.