Solana hack can happen ‘on any blockchain’; open source and user privacy are essential to prevent this – Brian Norton
(Kitco News) – Last Tuesday, $8 million in Solana was stolen from Slope, a company that holds crypto assets for its users. Slope’s centralized server stored seed phrases that belonged to the users. Hackers gained access to the server, stole the phrases and drained wallets.
“Around August 2nd, a number of people saw their wallet being emptied across multiple wallets,” said Brian Norton, COO of MyEtherWallet. “What we later learned was that most of these attacks were focused on one wallet, Slope Finance, which had stored seed phrases on a centralized server… We mostly saw Solana being drained, but we saw a few instances of Ethereum being drained from certain wallets, because those seeds had been imported by users into other wallets.”
However, he pointed out that the Solana source code itself was not compromised, but rather that this appeared to be a problem with Slope’s security.
Norton spoke with David Lin, anchor and producer at Kitco News.
The need to protect wallets
When a user buys a cryptocurrency, they hold it in a digital wallet. A wallet can be either offline or an online “hot wallet”; the latter can be vulnerable to hacking if private wallet data is shared over a network.
“In the case of Slope and Solana, this is something that could theoretically happen on any blockchain,” Norton said. “Using closed source, centralized wallet infrastructure is not the way to go. It has to be [open-source] and it has to be the client side.”
By “client side,” Norton explained that he meant, “We [at MyEtherWallet] do not have a backend database that stores people’s phrases, stores people’s personal information. Your keys are your keys when you log out of your wallet. Then no one else has access to it, including us.”
He emphasized that cryptocurrency users need training on how to take self-custody of their own crypto-assets, and how to store the keys securely. He recommended, among other measures, using an offline “hardware wallet”, and discussed the benefits of open source wallet infrastructure.
“Ensure that [your] software wallet is open source, and that it’s completely non-custodial, that there’s no way they store your keys,” Norton said. “As soon as those keys end up on a centralized server, they become vulnerable to attacks from multiple different wins. You want to prevent that.”
Ethereum Merger
Norton’s company, MyEtherWallet, is, according to its website, a “free, open source client-side interface for generating Ethereum wallets and more.”
Given the company’s dealings with Ethereum, Norton commented on the upcoming Ethereum merger, which is intended to transition the cryptocurrency from a proof-of-work to a proof-of-stake model.
“For the casual user who holds and trades [Ethereum] you’re probably not going to see that much of a difference,” he explained. “You might see slightly higher transaction throughput, but other than that, your user experience will mostly stay the same.”
He added that those running Ethereum validators “will be able to start withdrawing their stakes and rewards, and there will be more opportunities for new users to stake.”