{"id":876,"date":"2022-08-11T20:31:46","date_gmt":"2022-08-11T20:31:46","guid":{"rendered":"https:\/\/solanacrypto.news\/2022\/08\/11\/criminals-steal-4-million-from-solana-as-theft-trend-hits-its-crypto-blockchain\/"},"modified":"2022-08-11T20:31:46","modified_gmt":"2022-08-11T20:31:46","slug":"criminals-steal-4-million-from-solana-as-theft-trend-hits-its-crypto-blockchain","status":"publish","type":"post","link":"https:\/\/solanacrypto.news\/2022\/08\/11\/criminals-steal-4-million-from-solana-as-theft-trend-hits-its-crypto-blockchain\/","title":{"rendered":"Criminals steal $4 million from Solana as theft trend hits its crypto blockchain"},"content":{"rendered":"
\n
\n
Solana became the latest victim of cybercriminals as about 9,000 cryptocurrency wallets on its blockchain were robbed of more than $4 million. (Photo by Marco Bello\/Getty Images)<\/figcaption><\/figure>\n<\/div>\n

Cryptocurrency exchanges and bridge sites have been suffering a spate of attacks aimed at stealing funds, personal credentials and account access. One of the latest victims: Roughly 9,000 crypto wallets on the Solana blockchain, which were reportedly robbed of more than $4 million late last week.<\/p>\n

Tricky threat actors \u2014 continuously finding new inroads to cryptocurrency systems, customers and employees through ever-more sophisticated webs of malicious downloads, trojans, social engineering and fraud \u2014 exploited another wrinkle in this attack on Solana. Bad actors specifically accessed and drained funds held in both Solana and USD Coin currencies from accounts held, in most cases, on Slope mobile wallets.<\/p>\n

The evidence in the investigation of this breach \u201ccurrently points to stolen private keys as the culprit for the attacks on Solana users who use specific wallet apps,\u201d according to Paul Bischoff, privacy advocate at Comparitech.<\/p>\n

The passwords could have been stolen from \u201ca database, a supply chain attack that infected some wallet apps, or by phishing users for individual passwords,\u201d Bischoff added. \u201cGiven the number of wallets affected, one of the former two seems more likely.\u201d<\/p>\n

For its part, Solana is reserving judgment on how attackers were able to gain access.<\/p>\n

\u201cThe details of exactly how this occurred are still under investigation, but private key information was inadvertently transmitted to an application monitoring service,\u201d according to a statement Solana issued last week on Twitter. \u201cThere is no evidence the Solana protocol or its cryptography was compromised.\u201d<\/p>\n

A few of Solana\u2019s account holders with Phantom mobile wallets were also reportedly impacted, but Phantom tweeted that all of its customers\u2019 issues were connected to \u201cimporting accounts to and from\u201d Slope. In a statement issued by Slope last week, the mobile payments developer said it is still investigating the breach of its wallets, though the company stated it had \u201csome hypotheses as to the nature of the breach, but nothing is yet firm.\u201d Many of Slope\u2019s own employees and founders had their wallets emptied, as well, according to the statement.<\/p>\n

\u201cWe are actively conducting internal investigations and audits, working with top external security and audit groups,\u201d the Slope statement continued. \u201cWe are working with developers, security experts, and protocols from throughout the ecosystem to work to identify and rectify.\u201d<\/p>\n

Roger Grimes, data-driven defense evangelist at cybersecurity firm KnowBe4, pointed out that the Solana attack, along with the recent Nomad attack, attacks on Coinbase and a plethora of other blockchain and online currency breaches \u201cis just one of the latest crypto-related thefts.\u201d<\/p>\n

\u201cBillions have been stolen so far this year alone,\u201d Grimes said. \u201cIn general, the cryptocurrency industry is not securing their products as strongly as they could. They and their employees are often running and operating as a mainstream, much lower-level security operation might.\u201d<\/p>\n

Cryptocurrency organizations and their software are essentially operating as financial trading organizations and banks, and as such, should treat their internal security and application security as any other high-security organization would, Grimes added. Hence all cryptocurrency and blockchain developers should be trained in security development lifecycle (SDL) techniques, use secure-by-default coding languages, and should test their applications extensively before release \u2014 conducting multiple, internal code reviews, internal penetration testing, and external bug bounties and external penetration testing, \u201cuntil they can, to the best of their ability, decrease the risk of malicious bugs being present.\u201d<\/p>\n<\/div>\n