Now we know: The hack that drained thousands of user wallets (more than 8,000 at the time of writing) on cryptocurrency platform Solana wasn't the result of some sort of wide-ranging system failure. It was very likely due to egregiously bad security practices by cryptocurrency wallet provider Slope.
According to security company Otter, the hack was due to Slope sending users' seed phrases in plaintext to a centralized server. A seed phrase is a string of words that encodes the private keys of a crypto wallet; whoever holds the phrase can regenerate those keys and do whatever they please with the funds. "Plaintext" means the phrases themselves were not encrypted: anyone who could read the traffic or the data sitting on that server could read the phrases, making them an easy target for hackers.
In short: Slope did something that no company should ever, ever do, and it cost its users more than $4 million. (For the record, Slope said in an official statement that "nothing is yet firm" regarding the hack, but several other experts agree with Otter.)
The number isn't massive in the world of cryptocurrencies, where multi-million-dollar hacks are commonplace. But the hack was the stuff of nightmares for crypto users, as people's funds just started randomly disappearing from their wallets, and it took nearly a day for security experts to catch up and figure out what had happened.
So what can you do to make sure such events don't affect you in the future? No strategy is foolproof, but here's some advice.
One would think that a company specializing in crypto wallets wouldn't even send emoji unencrypted, but one would be wrong. Slope appears to have committed one of the worst offenses possible by sending users' seed phrases unencrypted over the internet.
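The failure mode described above and in Otter's finding, reduced to its simplest form as an added illustration. This is not Slope's code and not a reconstruction of what Slope's app did: it is a generic wallet "diagnostics upload" that serializes the whole in-memory wallet state, shown next to the two fixes a wallet developer would want, a redaction pass that scrubs secrets by field name and by shape (a 12 to 24 word lowercase mnemonic, or a 64-byte array in the Solana keypair-file layout), and a guard at the transport boundary that refuses to send anything that still looks like key material. All function names, field names and the sample wallet state are assumptions; the phrase in the sample is the standard BIP39 test mnemonic, not a real wallet.

```javascript
// Added example, not Slope's code. Names and sample data are assumptions.

// Field names that must never reach a server, matched case-insensitively.
const SECRET_KEY_NAMES = /^(mnemonic|seed|seed_?phrase|secret(_?key)?|private_?key|privkey)$/i;
// BIP39 mnemonics are 12, 15, 18, 21 or 24 lowercase words of 3 to 8 letters.
const MNEMONIC_WORD_COUNTS = new Set([12, 15, 18, 21, 24]);

// Shape check: a run of lowercase words with a valid BIP39 length.
function looksLikeMnemonic(value) {
  if (typeof value !== "string") return false;
  const words = value.trim().split(/\s+/);
  return MNEMONIC_WORD_COUNTS.has(words.length) && words.every((w) => /^[a-z]{3,8}$/.test(w));
}

// Shape check: a keypair exported as a JSON array of 64 bytes (the Solana id.json layout).
function looksLikeRawKeypair(value) {
  return Array.isArray(value) && value.length === 64 &&
    value.every((b) => Number.isInteger(b) && b >= 0 && b <= 255);
}

// VULNERABLE: the entire wallet state, seed phrase included, is put in the report.
function buildCrashReportUnsafe(walletState, err) {
  return { app: "wallet/1.0", error: String(err), state: walletState };
}

// Walk the report and replace anything that is a secret by name or by shape.
// Returns a new object; stats.redacted counts how many values were scrubbed.
function redactSecrets(value, stats = { redacted: 0 }) {
  if (looksLikeMnemonic(value) || looksLikeRawKeypair(value)) {
    stats.redacted += 1;
    return "[REDACTED]";
  }
  if (Array.isArray(value)) return value.map((v) => redactSecrets(v, stats));
  if (value && typeof value === "object") {
    const out = {};
    for (const [k, v] of Object.entries(value)) {
      if (SECRET_KEY_NAMES.test(k)) {
        stats.redacted += 1;
        out[k] = "[REDACTED]";
      } else {
        out[k] = redactSecrets(v, stats);
      }
    }
    return out;
  }
  return value;
}

// Guard at the transport boundary: scan the payload that is about to be sent and
// throw if anything still looks like a mnemonic or a raw keypair.
function assertNoSecrets(payload) {
  const leaks = [];
  (function walk(v, path) {
    if (looksLikeMnemonic(v) || looksLikeRawKeypair(v)) leaks.push(path);
    else if (Array.isArray(v)) v.forEach((x, i) => walk(x, `${path}[${i}]`));
    else if (v && typeof v === "object") Object.entries(v).forEach(([k, x]) => walk(x, `${path}.${k}`));
  })(payload, "$");
  if (leaks.length) throw new Error("refusing to upload key material at " + leaks.join(", "));
  return payload;
}

// HARDENED: redact first, then refuse to send if anything slipped through.
function buildCrashReportSafe(walletState, err) {
  const stats = { redacted: 0 };
  const report = redactSecrets(buildCrashReportUnsafe(walletState, err), stats);
  return { report: assertNoSecrets(report), redacted: stats.redacted };
}

// Constructed sample wallet state. The phrase is the well-known BIP39 test vector.
const SAMPLE_STATE = {
  publicKey: "example-public-key", // placeholder, not a real address
  mnemonic: "abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon about",
  settings: {
    network: "mainnet-beta",
    // A secret hiding under an innocent field name: only the shape check catches this.
    backupNote: "abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon about",
  },
  cache: { keypair: new Array(64).fill(0) }, // dummy 64-byte array in the keypair-file layout
};

// Stand-alone demo: the unsafe report carries the phrase, the safe one does not.
const demo = buildCrashReportSafe(SAMPLE_STATE, new Error("RPC timeout"));
console.log(JSON.stringify(demo.report), "redacted:", demo.redacted);
```

The name-based filter alone would have missed the phrase stored under backupNote, which is why the shape check exists, and the guard in assertNoSecrets exists so that a future field nobody thought to list still cannot leave the device. Nothing here replaces the real rule, which is that a wallet should never hold the seed phrase anywhere a reporting library can reach it in the first place.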
The lesson to learn here is this: Even when a company is saying security is a priority; even when it's operating in a space where security is extremely important; even when they pinky swear your funds are safe, you must still remain vigilant.
When you set up a crypto wallet, you'll typically get messages saying you should keep your seed phrase and private key safe and not show it to anyone. You may also see notices that there's advanced cryptography at work here, and if you lose both your seed phrase and access to your private key, you'll never be able to get your funds back.
While that may be true in some cases, if the wallet itself mishandles your seed phrase, the most advanced cryptographic safeguards will be of little use.
A hardware cryptocurrency wallet is a small device, often resembling a USB stick, that lets you keep, spend and receive crypto coins. The signing key is generated on the device and never leaves it: transactions are signed inside the device and only the signed transaction comes out, so a bug or bad practice in the app on your computer or phone cannot hand the key to anyone. That makes it considerably more secure than a software wallet, though it's a little more complicated to use.
When the Slope attack started hitting user wallets, both Solana and Slope advised users to transfer their funds to a hardware wallet. That's good advice in principle, but most users don't have a hardware wallet handy, and ordering one online and receiving it typically takes a few days.
So one thing you can do, especially if you're handling meaningful amounts of crypto, is to order a hardware wallet before disaster hits. Companies like Trezor and Ledger offer them. Do bear in mind, though, that even hardware wallets can have security holes, and the companies that make them can have bad security practices. For example, Ledger had a horrible data leak in which hackers got hold of its customers' names, home addresses and other data (customer records, not the keys on the devices, but enough to make those customers targets for phishing and worse). On the other hand, Trezor, which has a good security record, does not support Solana as of this writing.
In crypto, there's a saying: Not your keys, not your coins. It means that if you keep your coins with a third party, such as a centralized crypto exchange, you don't really control what happens to them.
But in the case of yesterday's Slope hack, the best thing you could do to protect your coins (if you didn't have access to a hardware wallet) was to send them to an exchange such as FTX or Binance, as it was unlikely that these exchanges were also affected by the same issue. As a quick safety measure, it was a decent option; you could always move your coins elsewhere after the dust settled.
4 things to learn from the embarrassing Slope hack on Solana