Altcoin prices withstood yet another cryptocurrency hack on Wednesday as millions of dollars’ worth of Solana were stolen.
The market was not spooked after about $6m (£4.9m) was drained from approximately 8,000 wallets containing SOL. Most altcoin prices were in the green as the crypto sector suffered its second major heist this week.
On Monday, more than $200m in cryptocurrencies were stolen from the Nomad bridge.
SOL to USD
Most coins up, Solana down
“This does not appear to be a bug with Solana core code, but in software used by several software wallets popular among users of the network,” said the Solana Foundation on Twitter.
Elliptic, a blockchain security consultancy firm, said on Twitter that the attack began on Tuesday and more than $5.8m was drained. Some USDC and non-fungible tokens (NFTs) were also stolen, Elliptic added.
The Solana coin (SOL) was down about 3% around the time that conventional markets closed in North America on Wednesday. (All crypto price information based on CoinMarketCap data.) But other leading coins were up.
Internet computer (ICP) stood out from the crowd by jumping 18%. But, as was the case on Tuesday, most gains were modest.
ICP to USD
Bitcoin stays above $23,000
Bitcoin (BTC) rose about 2% as it stayed above $23,000, while ether (ETH) was flat.
Ripple (XRP), which has gained a lot of attention lately as its parent’s legal battle with the SEC heats up, gained slightly during usual market operating hours but dipped into the red later in the afternoon.
Elliptic said the theft was likely tied to a supply-chain issue that was exploited to steal or uncover private user keys that protect digital assets. Solana said Phantom and Slope wallets were affected due to a weakness in Apple and android mobile apps and Internet browser extensions.
XRP to USD
Fireblocks CEO favors wallet mix
Digital assets need to be protected in a combination of direct-custody, (or custodial) and self-custody (or non-custodial) wallets, Michael Shaulov, co-founder and CEO of crypto technology firm FireBlocks told Capital.com.
In a direct-custody situation, a third-party, often a financial institution, controls some of the keys that protect digital assets and their owner protects the others.
In a self-custody situation, the asset owner controls all keys.
Self-custody needs close monitoring
That means owners have to closely monitor their crypto holdings every day, or have sophisticated knowledge of how to protect them and guard against what is known as “lateral movement.”
“A hacker basically lands on one server and then they can, essentially, start blowing through the other servers or laptops that you have in your organization,” Shaulov, whose company’s core business is to protect wallets.
“And, eventually, they can infect the entire network, right. So even if you’re using some kind of like multi signature, [multi-party computation-based] approach that is fully self-custody, then you need it architected in such a way that the hackers cannot propagate through your organization.
What is your sentiment on BTC/USD?
Vote to see Traders sentiment!
Which is very difficult to do in a direct-custody situation, which is mostly how FireBlocks is being delivered to our clients.”
More wallets better than one
Shaulov said FireBlocks was able to repel an attempted hack on a large client. By holding some of the keys, FireBlocks was able to view the abnormal activity and block the wallets, preventing the hackers from extracting funds.
“That’s a really critical difference in terms of what’s happening in the worst-case secenario,” he said. “Also, [direct custody] mitigates insider fraud. If there is someone malicious within the company that is trying to do something, they don’t have access to 100% of the keys. So, for institutions, I think that direct-custody model works slightly better.”
Chris Terry, vice-president of enter-prise solutions at US-based open lender SmartFi, said the theft of Solana through Phantom shows the risk of connecting your wallet decentralized-finance (DeFi) platforms.
“We always recommend that you never use one wallet for everything,” he said. “Don’t be lazy. Create a wallet for each specific task and fund the wallet for that purpose only. That way, if there is a coding bug, you do not spread the risk to your other assets.”
Shadow on SOL’s credibility
Mikkel Morch, executive-director of digital-asset investment fund ARK36, said the hack will “definitely cast a shadow over Solana’s credibility as a better alternative to Ethereum – especially when it comes to security.”
It may also boost Ethereum’s cause in the debate over who has the safest and most reliable DeFi ecosystem, he added.
He noted that Solana has recently gained a lot of publicity by launching a crypto-native phone and brick-and-mortar store in New York City.
The initiatives, he said, demonstrate Solana’s desired to become a pioneer of mainstream Web3 adoption.
“But when the company’s core products – its blockchain and its DeFi ecosystem – regularly suffer from downtime and security problems, you can’t help but think that Solana may have got it all backwards,” said Morch.