Chris Curl,
Editor
Aug. 12, 2022
The crypto world was shaken to its core earlier this month as users began reporting that their digital assets were suddenly vanishing from their wallets.
What was even more horrifying to me was that most of this was happening on Solana.
Many users claimed on Twitter that the blockchain itself had been hacked and that everyone was vulnerable. Phantom wallets were being drained of $SOL left and right and everyone was scrambling to figure out what to do.
Then reports came out of Ethereum and other cryptos being drained from Trust wallets as well.
It seemed like no one was safe.
Crypto personalities were advising people to get all their crypto out of hot wallets and onto cold storage or, at the very least, to transfer them onto an exchange for temporary safekeeping.
It was 48 hours of horror for Solana users as they waited to find out what would happen to their digital assets.
Blockchain data revealed that over 8,000 wallets had been emptied of their crypto – totaling well over $4 million in value.
How did this happen?
For some time, nobody knew. But developers were able to determine that the security issue was not with the Solana blockchain itself. It had something to do with the wallets.
A further investigation carried out by digital security company Otter revealed that the hack originated with crypto wallet provider Slope. Apparently, they had sent users’ seed phrases in a plaintext file to a centralized server. From there, hackers were able to access and drain over 8,000 users’ wallets.
The seed phrase is the equivalent of private keys – it’s what allows you to access your crypto wallet. And that data should have never been stored in such a careless way. Sending seed phrases, unencrypted, over the internet and storing them on a centralized server is incredibly negligent. The backlash is likely to be severe.
The Slope Finance team issued a bounty to the Solana hackers offering a 10% reward if they would return the stolen crypto. They also promised not to pursue any legal action.
Not surprisingly, the hackers did not take them up on their offer.
There are a few takeaways from all of this…
First, it’s important to keep in mind that the Solana blockchain was not hacked and remains intact and fully functional. In fact, the price of Solana barely budged during all of this panic.
Second, even though 8,000 sounds terrible, it is only a tiny fraction of the tens of millions of Solana wallets in use currently.
Third, it shows the dangers of hot wallets and the need for cold storage of crypto assets. I don’t recommend holding lots of crypto assets long-term on hot wallets. It’s much better to transfer them to cold storage via a hardware wallet like the Ledger Nano.
And lastly, this revealed that it only takes one weak link to severely undermine the security of crypto assets. Just one wallet provider doing something careless caused all this turmoil.
None of the readers at Crypto Cycle were impacted by this as I recommended setting up a Phantom wallet directly. All of the exploits originated with Slope wallet and only affected other wallets where users had imported their keys.
So, TrustWallet and Phantom were only impacted by users who imported their keys directly from their Slope wallet, and not by users who set those wallets up independently.
It’s important to understand that the crypto world is high risk/high reward and many dangers abound.
I try to steer my readers clear of the many landmines that dot the landscape of Web3.
In Crypto Cycle, I offer a full CryptoU Series, complete with video tutorials, that show users how to navigate the space with the highest security possible. I also host quarterly call-ins so members can get all their questions answered.
And I also manage a $50,000 real money portfolio with full transparency so members can see every crypto trade I’m making.
You don’t want to miss this inside look.
Chris Curl
Editor, Daily Profit Cycle