Solana blockchain suffers exploits - over 8,000 wallets affected
Coindesk • November 08, 2022
The Solana blockchain appears to be the victim of a new crypto exploit with users reporting that their funds are drained without their knowledge from their ‘hot’ wallet connected to the internet. As of writing the attack is still on-going with over 8000 wallets affected. The attack on the wallets in this case seems to be relate to the end-user of the Solana blockchain giving the attacker the ability to sign messages and approve transactions on the behalf of the users suggesting some third-party has been compromised to bait users in bad approvals.
The attack on the wallets itself (currently unknown exactly where the attack vector exactly came from) is the latest incident in the debate about self-custody and best practices in self-custody. Hot wallets stay connected to the internet at all times, making them more vulnerable but more user-friendly, and cold wallets are stored in a way that is it less convenient to use but more secure, showcasing the biggest trade-offs of both.
Solana has been criticized in the past as a blockchain that moves too fast and breaks its own consensus mechanism multiple times. This in return, affects the liveness of a distributed blockchain system where nodes successfully come to consensus and produce accurate transactions.
These security incidents are growing pains that are inevitable while building the blockchain technology and infrastructure in an open manner. Web3 investors therefore, will again need to consider the risk trade-offs between self-custody and no counterparty risk and custody with best security practices and know-how.