A pair of crypto hacks totaling nearly $200 million in losses and likely more than 10,000 users have raised concerns in an industry already reeling from falling prices.
Solana, Nomad crypto wallets are hacked, with losses of tens of millions
“An exploit allowed a malicious actor to drain funds from a number of wallets on Solana,” the company so via Twitter. “Engineers are currently working with several security researchers and ecosystem teams to identify the cause of the exploit, which is currently unknown.”
The hack is believed to have affected wallets such as Slope and Phantom. These are “hot wallets” – that is, wallets that allow for lightning-fast transactions because they are always connected to the Internet, unlike “cold wallets”, which usually require a USB drive and have long periods of disconnection. Solana – which at one point held the fifth most popular token before a slide – has made a name for itself as a blockchain that can transfer funds extremely quickly.
The news follows Monday’s disclosure by Nomad, a so-called blockchain bridge, which acknowledged that around $190 million had been taken from it after a hacker infiltrated its system. The attack became known as a “free-for-all”, since the hacker’s original code allowed anyone to copy it and steal the crypto for themselves. It is not known where the money went.
Nomad so its executives worked with law enforcement and a blockchain data firm called TRM Labs to find the funds, without an update as of Wednesday afternoon. It said they were working on “investigation/recovery” as well as “technical repairs.”
In an unusual move, the company early on Wednesday gave an address to anyone who might have chosen to take the money in a noble act of protection.
“Dear white hat hackers and ethical researcher friends who have protected the ETH/ERC-20 tokens, please send the funds to the following wallet address on ethereum,” it said on Twitter. It is not known if any Good Samaritans took the company up on the offer.
A blockchain bridge allows consumers to exchange crypto from one blockchain to another — for example, from bitcoin to ethereum — making it vulnerable to what security experts call “both sides,” weaknesses on both blockchains. These bridges also tend to be newer and, in some cases, more quickly designed. In March, another blockchain bridge known as Ronin was hacked for a total of more than $600 million in crypto.
“To date, approximately $1.8 billion has been stolen from these services, and it is concerning that their security standards do not appear to match the vast amounts of capital entrusted to them,” said Tom Robinson, co-founder and chief scientist at Elliptic . in an email to The Post, referring to bridges.
Meanwhile, the Solana case has raised concerns because it was made vulnerable by factors beyond its control. While some argue that the hack doesn’t show that any of the industry’s foundations are shaky — “This wasn’t a core problem with blockchain, it probably seems like an app someone built was buggy,” crypto mogul Sam Bankman-Fried told Fortune Wednesday — it highlighted to critics the connection between crypto networks and the inability of one part to consider all the others.
While the hacks involved discrete devices, blockchain bridges and hot wallets also emphasize what many crypto enthusiasts say is so appealing about the form: ease of use. The former allows different blockchains to communicate — potentially as important to an upcoming era of technology as, say, people with AT&T and Verizon phone plans being able to talk to each other were to an earlier one.
And cold storage, while safer, appears to undermine what lies at the heart of crypto’s appeal, which is allowing transfers without the delays and waiting times of traditional banking transactions.
On social media on Wednesday, many showed photos of the wallet suddenly showing zero balance, while others questioned hot wallets. “So you’re telling me that storing my entire net worth on a google chrome extension would be considered a bad move?” a waggle wrote by Phantom.
But experts say the problem could be more serious than that. Finding solutions, they note, may mean making sacrifices for the goals envisioned by crypto-idealists.
“One of the benefits of opening up the banking system in this way is the speed and lower barrier to transactions,” said William Callahan III, a former DEA special agent who now serves as director of government and strategic affairs for a company called Blockchain Intelligence Group. “But what these hacks show is that we need to take a step back and question the idea of accessibility, as speed is also part of the problem. We need to balance speed with security.”
Still, Callahan said, he believed such support was possible. “Blockchain bridges need to increase protection, while perhaps consumers need to use more cold storage,” he added.
The need for speed may diminish on its own as some leave cryptocurrency. Bitcoin, a strong barometer of crypto activity, has lost 50 percent of its value in 2022 as investors dumped the asset, although it has seen a decline from below $19,000 in June to around $23,000 in recent weeks .
