The Solana blockchain has been the target of a major hack from Tuesday night until Wednesday. The weak link is called the slope. It is a Solana compatible mobile cryptocurrency wallet that also provides browser extensions to access decentralized blockchain applications. It is estimated that around 8,000 wallets have been stolen, with loot worth between $5 and $6 million.
Mobile wallets are at the heart of hackers
The exact vulnerability has not yet been determined, but it seems that there is no problem with the Solana blockchain code. These are the private keys of compromised Slope wallets – apparently sitting idle for over six months – allegedly transferred to a third party.
To understand the scope of this hack, let’s go back to how cryptocurrency wallets work. This is a software that stores the user’s public and private keys, the two elements that allow transactions on the blockchain: sending and receiving. These keys are in the form of fairly long alphanumeric sequences that are hard to remember, which means storing them. The public key is shared during the transaction, kind of like a RIB. A private key is a key used as a signature or personal identifier and under no circumstances should it be transferred to a third party.
private key that should be protected
Slope is an application known in crypto terms as a “non-custodial wallet” or “non-custodial”, that is, unlike a “custodial wallet”, the software does not retain private keys, such as those used by major cryptocurrency markets, to store users ‘s private key. This is simpler but considered less secure. The popular adage in the cryptocurrency world does say that if you don’t have your private keys, you don’t have your cryptocurrency.
Therefore, we can a priori assume that the private key is safe on the Slope. But there is another distinguishing criterion between the different types of portfolios. This is the difference between a “hot”, “hot” wallet that is connected to the Internet and a “cold”, “cold” wallet that is not permanently online. Slope is a “hot wallet”, so it is still vulnerable. Regardless, the private keys end up in the hands of cybercriminals.
This hack is a good advertisement for “cold” hardware wallets such as Ledger. And a reminder of the complexities of accessing transactions on the blockchain, if only to know which type of wallet to use.