Solana hack can happen “on any blockchain”; open-source code and user privacy are key to preventing this – Brian Norton


(Kitco News) – Last Tuesday, $8 million in Solana was stolen from Slope, a company that holds crypto assets for its users. Slope’s centralized server stored seed phrases that belonged to its users. The hackers accessed the server, stole the phrases and emptied the wallets.

“Around August 2, a number of people saw their wallets drain across multiple wallets,” said Brian Norton, COO of MyEtherWallet. “What we learned later was that most of these attacks were focused on a single wallet, Slope Finance, which stored seed phrases in a centralized server… We mainly saw Solana being drained, but we saw a few instances of Ethereum being emptied from some wallets, as these seed phrases had been imported by users into other wallets.”

He pointed out, however, that Solana’s source code itself was not compromised; rather, the issue seemed to lie with Slope’s security.

Norton spoke with David Lin, presenter and producer at Kitco News.

The need to protect portfolios

When a user buys cryptocurrency, they keep it in a digital wallet. A wallet can be either offline or an online “hot” wallet, the latter of which can be prone to hacking if the private wallet data is shared over a network.

“In the case of Slope and Solana, this is something that could theoretically happen on any blockchain,” Norton said. “Using a centralized, closed-source wallet infrastructure is not the way to go. It needs to be [open-source] and it must be client-side.”

By “client-side,” Norton explained that he meant, “We [at MyEtherWallet] don’t have a backend database storing people’s phrases, storing people’s personal information. Your keys are your keys when you log out of your wallets. So no one else has access to it, including us.”

He pointed out that cryptocurrency users need to be educated on how to take charge of their own crypto assets and store their keys securely. He recommended, among other measures, using an offline “hardware wallet” and discussed the benefits of open-source wallet frameworks.

“Be sure that [your] software wallet is open-source, and that it’s completely non-custodial, that there’s no way they’re storing your keys,” Norton said. “Once those keys end up in a centralized server, they become vulnerable to attacks from several different vectors. You want to prevent that.”

Ethereum merger

Norton’s company, MyEtherWallet, is, according to its website, a “free and open-source client-side interface for generating Ethereum wallets and more.”

Given his company’s relationship with Ethereum, Norton commented on the upcoming Ethereum merger, which aims to move the cryptocurrency from a proof-of-work model to a proof-of-stake model.

“For the casual user who owns and trades [Ethereum], you’re probably not going to see that much of a difference,” he explained. “You might see a bit higher transaction throughput, but beyond that your user experience will remain essentially the same.”

He added that those using Ethereum validators “will be able to start withdrawing their stake and rewards, and there will be more opportunities for new users to stake.”

To learn how Norton thinks the Ethereum merger will affect its price, watch the video above.
