Thousands of Solana wallets hacked
Close to 8,000 Solana wallets were exploited this week. Bad actors exploited the Nomad Bridge for $200MM. They say bad things happen in threes. Let’s hope there’s no #3.
DeFi's looking like Stallone at the end of Rocky 1 right now.
Today We’ll Be Covering:
• Solana Hacks. Solana was mysteriously drained from thousands of wallets.
• Nomad Bridge. Another bridge was exploited. This time for $200m.
• Other News. Tiffany's enters NFTs with jewelry. Synapse launches a chain.
Let’s dive in!
- Total Crypto Market Cap: $1.11T (+5.71%, 7 days)
- BTC Price: $22,980.92 (+0.3%, 7 days)
- ETH Price: $1,626.83 (-0.6%, 7 days)
- TVL in DeFi: $107.23B (+6.54%, 7 days)
- Fear & Greed: 30 (FEAR)
“We have to practice defensive investing since many of the outcomes are likely to go against us. It’s more important to ensure survival under negative outcomes than it is to guarantee maximum returns under favorable ones.” – Howard Marks
Over 8,000 Wallets Drained in Solana Attack
On August 3, some people started having their Solana drained from their wallets. It seemed that hackers acquired the private keys to access some mobile hot wallets.
There was a lot of panic and speculation.
• Was it an iOS supply chain attack?
• Was there an attack on Solana itself?
• Did the Phantom wallet have an exploit?
Here's what we now know.
After an investigation by developers, ecosystem teams, and security auditors, it appears affected addresses were at one point created, imported, or used in Slope mobile wallet applications. 1/2
August 3rd 2022
Slope is a mobile hot wallet for Solana. Here's what Slope had to say.
The seed phrases generated by Slope wallets were compromised. There are still investigations on what happened - I'm not interested in speculating or spreading rumors.
What you should do:
If you've been using the Slope wallet, then you need to take action. Consider your wallet compromised. DO NOT import the seed phrase into another wallet and re-use it.
Send your tokens to a hardware wallet such as a Ledger Nano. If you don't have one, then sending to a CEX or a new wallet are your next best options.
Some Takeaways from This:
- Solana itself had nothing to do with this. They've had their fair share of issues before, but this isn't on them.
- Wallet providers can be incompetent. Slope wasn't some shady operation. It was backed by Jump, Alameda, Solana Ventures, and countless others.
- Significant sums of money should be secured through a hardware wallet (I use a Ledger Nano X – order directly from the manufacturer).
What if you had your tokens stolen? Is there any chance of getting compensated? I wouldn't count on it.
The private keys were compromised. It's impossible for Slope to figure out who owns which wallet.
Nomad Bridge Hacked for ~$200m
On Tuesday, the Nomad Bridge was exploited for approximately $190MM in what was perhaps the first-ever decentralized crypto crowd looting.
What is a Crypto Bridge?
A bridge allows crypto-asset owners to move tokens across different blockchain networks. For example, ETH is designed to be used on Ethereum. You can “wrap” your ETH and bridge it over to Avalanche. Then you can use the wrapped ETH (known as wETH.e) on AVAX dapps.
There are generally two types of bridges:
- Trusted bridges rely on centralized entities, whereby users need to trust the custodians and the multisig holders.
- Trustless bridges rely on smart contracts, whereby users need to trust the underlying blockchain security and the code written for the bridge.
As the crypto ecosystem becomes more multi-chain, L1 assets are incentivizing market participants to move capital over to their ecosystem via new projects and token rewards. This has sparked the rise of bridges created either by the L1 protocols themselves or by third parties.
So, what happened with Nomad?
To put it simply, hackers exploited a vulnerability that existed as a side effect of auto-proving every message. The Nomad team accidentally added this vulnerability when doing their routine upgrade by initializing the trusted root to be 0x00. More details on that here.
What’s unique about this exploit is that it’s not too technical in nature. Other parties can copy-paste the original hacker transaction, change it to their own address, and rebroadcast it.
So, it became this crazy party where anyone could loot the bridge for a few hours. Some people made off with millions from copying and pasting.
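Added example (not from the original newsletter and not Nomad's contract code): a toy Python model of why a trusted root of 0x00 auto-proves every message. It assumes the inbox stores, per message hash, the root it was proven under, and that an unset entry reads back as zero, as a Solidity mapping does. The class and function names are hypothetical, SHA-256 stands in for keccak256, and the Merkle tree has only two leaves.

```python
import hashlib

ZERO = b"\x00" * 32  # value Solidity returns for any unset bytes32 mapping entry

def h(a, b=b""):
    return hashlib.sha256(a + b).digest()

class Replica:
    """Toy model of a bridge inbox; not Nomad's contract code."""

    def __init__(self, trusted_root, hardened=False):
        self.confirm_at = {trusted_root: 1}   # root -> time it became acceptable
        self.messages = {}                    # message hash -> root it was proven under
        self.hardened = hardened

    def acceptable_root(self, root):
        if self.hardened and root == ZERO:
            return False                      # "unset" must never count as a root
        return self.confirm_at.get(root, 0) != 0

    def prove(self, leaf, sibling):
        root = h(leaf, sibling)               # two-leaf Merkle tree, leaf on the left
        if self.acceptable_root(root):
            self.messages[leaf] = root
            return True
        return False

    def process(self, message):
        leaf = h(message)
        # Unproven messages read back as ZERO, like a Solidity mapping lookup.
        return self.acceptable_root(self.messages.get(leaf, ZERO))

def demo():
    # Both messages are constructed sample data.
    proven, forged = b"constructed: pay alice 1", b"constructed: never proven"
    sibling = h(b"constructed: other leaf")
    good_root = h(h(proven), sibling)
    results = {}
    for name, root, hardened in [("correct init", good_root, False),
                                 ("zero-root init", ZERO, False),
                                 ("zero-root init, hardened", ZERO, True)]:
        r = Replica(root, hardened)
        r.prove(h(proven), sibling)
        results[name] = (r.process(proven), r.process(forged))
    return results

if __name__ == "__main__":
    for name, (ok_proven, ok_forged) in demo().items():
        print(f"{name}: proven accepted={ok_proven}, unproven accepted={ok_forged}")
```

With the zero root trusted, the lookup for a message nobody proved returns the same value as the trusted root, so the check passes; the hardened variant fails closed instead.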
Ethereum founder Vitalik has also voiced his concerns about a cross-chain future, stating that he believes the future of crypto will be multi-chain, not cross-chain. This is because a cross-chain infrastructure, including a bridge, will always carry inherent vulnerability risks.
There are blockchain networks such as Polkadot and Cosmos whose main value proposition is their multi-chain design that should prevent these cross-chain risks.
About the Author: Marco is a Research Director at DAR, a crypto market data & research firm that works with institutions the likes of FTSE Russell and Bloomberg. He also writes crypto analysis and musings on his personal blog, Pensive Pragmatism.
📰 The Fast Five
💎Tiffany & Co. Launches CryptoPunk NFT Pendants. The 184-year-old luxury jewelry maker has launched an NFT collection. It’s limited to CryptoPunk owners only. How much does it cost? 30 ETH and there’s a limited supply of 250. These NFTs will provide CryptoPunk owners with IRL jewelry shaped after their CryptoPunk. And there will be a custom NFT too.
So what’s the point of this? Status. Not only can you show off your CryptoPunk on Twitter, but you can flex at crypto conferences. It’s always bullish whenever a mainstream company enters NFTs.
👋Michael Saylor Steps Down as MicroStrategy CEO. Michael Saylor is known as one of the largest advocates for Bitcoin. He used his company’s cash reserves to buy Bitcoin. Saylor will be stepping down as CEO, but will remain as Chairman. Why? He’s going to focus on Bitcoin acquisition strategies, while someone else can run the company. MicroStrategy currently holds around $1.988B worth of Bitcoin.
💰Gary Vee’s NFT VEEFRIENDS Raises $50MM. Remember that guy who’s all over YouTube, telling you to hustle? Well, Gary Vaynerchuk has raised $50MM for his VeeFriends NFT collection in a series A round led by a16z. The capital will be utilized to build the future IP of the 283 VeeFriends characters.
VeeFriends also plans to use the funds to scale its creative, technical, and experiential operations. The team is currently building its IP across different multimedia platforms, including physical and digital spaces.
😱Kraken Is Suspected of Violating Sanctions. US-based crypto exchange Kraken is the target of an investigation by the US Treasury Department into whether or not the exchange violated federal sanctions by allowing users from Iran to use its platform. Kraken has been investigated by the agency since 2019 and might be fined.
⛓️ Ethereum Confirms Goerli Merger Date. The Ethereum mainnet merge is only one testnet away from officially moving into a Proof-of-Stake consensus mechanism. This testnet merge will be the final rehearsal before the current Ethereum mainnet will officially merge with the Beacon Chain.
👨‍💼 Featured Web 3 Job: (Sponsored)
NestedFI is hiring a Head of Growth!
The crypto world suffers from general over-complication and an unbearable user experience that dissuade people from getting involved.
Nested is a crypto trading platform that breaks this trend by revolutionizing accessibility to web3 investments in a way that is unprecedentedly simple, social, and safe. They'll allow anyone to build, manage, and track a portfolio, and earn royalties through an NFT.
This protocol is backed by Jump Crypto and Alan Howard (billionaire hedge fund manager).
- At least 2 years of experience hiring, building, and leading a team.
- History developing tailored strategies to manage and grow community user bases in the Web 3.0 space across DeFi and NFTs.
- The candidate needs to have a presence in the Crypto Twitter community.
- 100-120k a year
- 0.5-1% Equity
- & more
Apply for Head of Growth at NestedFI
Thanks to NestedFI for sponsoring this job post! I have been talking to the founder for the past few months. This is an amazing opportunity.
💻What’s Happening in DeFi
⛓️Introducing Synapse Chain. Synapse, the cross-chain swap protocol, is planning to develop its own smart contract platform. Called Synapse Chain, the new initiative will aim to solve limitations of the current infrastructure for cross-chain applications. Since Synapse’s launch in August 2021, the protocol has processed more than $10B in volume.
🍣SushiSwap Nominates New CEO. The popular DEX is nominating Jonathan Howard as its new Head Chef (CEO). Jonathan is a full-stack engineer and career entrepreneur with 3 exits. That said, community responses are mixed, especially around his compensation package which will amount to a potential $10.6MM payday over the next four years.
🙏Harmony Reimbursement Proposal. HarmonyONE is addressing its Horizon Bridge incident that resulted in a huge ~$100MM exploit spanning 65,000 wallets with 14 different asset types. The proposal is made to reimburse those who were impacted by the hack. Reimbursement will be made in ONE tokens over a three-year period by printing more ONE tokens. There is some community backlash as this initiative will inflate the supply of ONE tokens, which will most likely affect its price.
👻Aave DAO Approves GHO Stablecoin. The proposal to create Aave’s own Stablecoin, called GHO, has passed and was backed by 99.9% of voters. This marks the official start of the GHO Stablecoin development, Aave’s own overcollateralized Stablecoin. Users will be able to mint GHO by depositing crypto collateral accepted by Aave.