An ongoing Solana (SOL) hack has impacted over 8,000 wallets and drained an estimated USD 4.5M-USD 8M in funds. Four addresses linked to hackers have stolen up to USD 580 million in crypto assets from over 8,000 wallets, according to data compiled by crypto tracking platform MistTrack.
MistTrack, on the other hand, stated that, excluding the value of EXIST and “other shitcoins,” USD 4.5 million in SOL, USDC, USDT, bitcoin (BTC), and ethereum (ETH) were stolen.
Nonetheless, blockchain researcher PeckShield estimated a larger loss, stating:
“So far, the loss is estimated to be USD 8 million, excluding illiquid shitcoins (only 30 holds & possibly overvalued [USD] 570 million).”
Users began reporting that their funds had been drained without their knowledge from major internet-connected “hot” wallets such as Phantom, Slope, and TrustWallet as the hack began. Some affected users claim they haven’t interacted with any contracts in over 40 days. The transactions are signed by the actual owners, according to blockchain auditor OtterSec, implying a private key compromise. They advised all affected wallet users to transfer their assets “to a hardware [wallet] or a centralized exchange.”
The exact cause of the hack is still unknown, but it appears to have primarily impacted mobile wallet users.
Engineers from multiple ecosystems are investigating drained wallets on Solana, with the assistance of several security firms, according to the Solana team.
“There is no evidence that hardware wallets have been compromised,” they added.
Phantom, on the other hand, stated that “at this time, the team does not believe this is a Phantom-specific issue.”
According to Solana Labs co-founder Anatoly Yakovenko, only a token-specific delegation, an auto-approve, or a leaked seed could transfer assets from a wallet on behalf of the user.
“Because system transfers are taking place, delegation is out. There is no way an “interaction” could expose a wallet,” he continued.
Yakovenko later stated that this appears to be an iOS supply chain attack, noting that imported keys were also compromised, and that
“Multiple plausible wallets that only received sol and had no interactions other than receiving have been affected,” […] “as well as keys imported into iOS and generated externally.”
He also asked the community whether anyone had been affected by the attack on an Android wallet where the seed phrase had been used exclusively in that Android wallet.
In terms of resolving the issue, Yakovenko advocated for increased security on the part of Apple and Google.
Others have speculated that a trusted third-party service may have been compromised in a so-called supply chain attack because the hacker gained the ability to sign transactions on behalf of users.
“Confirmed with the cross chain user that their TrustWallet seed phrase was imported into Slope. Both Slope and TrustWallet appear to use a single seed phrase across the blockchain,” according to analyst Adam Cochran. “This is most likely why there have been so few direct cases on Ethereum. Is it possible to expose seeds using Solana apps?”
PeckShield also commented on the supply chain theory, claiming that “the widespread hack on Solana wallets is likely due to the supply chain issue exploited to steal/uncover user private keys behind affected wallets.”
Meanwhile, Solana validator Laine has denied reports that validators have blacklisted or intend to blacklist wallets linked to hackers.
“We haven’t blacklisted anything, and we’re not aware of any plans to do so. Explorers have blacklisted them, resulting in warnings, but this has no effect on transactions,” Laine stated.
Notably, the ongoing hack may be nearing its conclusion, as the amount of SOL stolen per minute has decreased dramatically. A Dune dashboard that tracks the amount of SOL stolen per minute shows that less than SOL 1 has been stolen at the time of writing (7:20 UTC). In comparison, the hack began with over SOL 500 and even over SOL 1,000 rifled per minute at one point.
SOL, the ninth coin by market capitalization, is currently trading at USD 38.67, down 4.1 percent in the last 24 hours. At this point, it is up nearly 7% in 7 days and 16% in a month.
India is Investigating Ten Cryptocurrency Exchanges For Money Laundering.
The Enforcement Directorate of India is now pursuing an investigation against ten cryptocurrency exchanges that are suspected of being involved in the laundering of over 1 billion rupees, which is the equivalent of over $125 million in digital currency.
According to The Economic Times, the cryptocurrency exchanges, which have not yet been named, were used by several companies accused of money laundering to purchase more than 100 million rupees worth of cryptocurrency, which was then transferred to other international wallets, the majority of which were linked to mainland China.
The exchanges had poor control over the activities of their users.
In addition, the sources mentioned that the exchanges acquired KYC data of questionable provenance, as the accounts that were followed belonged to individuals who lived in faraway places “with no relation to the transactions.”
However, the exchanges asserted that they were in conformity with KYC laws, despite the fact that they did not provide any suspicious transaction reports (STRs) that could have led to the discovery of information regarding alleged instances of money laundering.
Therefore, the failure to comply with the measures required by regulators made it more difficult to trace the account holders, who, upon learning of the investigation, reportedly proceeded to withdraw their funds and log off, according to sources close to the investigation.
“As soon as these companies discovered that they were being investigated, they shut down their operations and utilized the crypto way to transfer the money overseas. The unregulated nature of the cryptocurrency business combined with the opaque nature of the ecosystem for cryptocurrencies offered the necessary cover for these companies to park their funds offshore.”
The cryptocurrency exchanges Binance and WazirX are currently under investigation in India.
Following a series of Twitter spats between the CEOs of both firms about ownership and regulatory non-compliance by WazirX, the ED has decided to focus its attention on Binance and WazirX, as was recently published on CryptoPotato.com.
After the argument between the two companies, the ED blocked WazirX’s bank accounts, which together held more than $8 million, on the grounds that the exchange had “actively” assisted in the laundering of illicit funds for more than 15 different fintech companies.
In reaction, Binance stated that it expects WazirX to “take full responsibility for its operations and users’ funds,” while emphasizing that the global cryptocurrency exchange has nothing to do with WazirX’s operations.
Although the ED is investigating several cryptocurrency exchanges for money laundering, an industry executive who spoke to the Economic Times stated that the exchanges are the second point of failure in these crimes. The executive stated that the money moves in and out primarily through traditional banks, which did very little or nothing to trace the funds, which is why “it wasn’t caught at the banking level.”
Ethereum Completes Its Final Test Before a Major Crypto Event.
Ethereum, the second-largest cryptocurrency by market value, had a final dress rehearsal before a years-awaited upgrade.
Ethereum has been mined using a proof-of-work approach since its introduction in 2010. It needs difficult math formulae and a lot of energy.
Ethereum is transitioning to proof of stake for network security. The new method uses users’ existing ether cache to verify transactions and generate tokens, rather than energy-intensive mining. It consumes less electricity and should speed transactions.
Wednesday 9:45 p.m. ET was the final test.
Ansgar Dietrichs, an Ethereum Foundation researcher, said the most meaningful statistic for success is time to finalization. “Another good exam,” he said.
Galaxy Digital’s research associate noted that after the test merging, participation reduced and there may have been a client issue, but generally, it functioned.
Christine Kim tweeted, “A successful Merge = chain finalizes.” We may see similar troubles with the mainnet upgrade, but “the Merge worked.”
Thursday’s developer meeting will address the upgrade’s timing. The merger was expected to begin in mid-September.
For years, Ethereum’s transformation has been delayed. Core developers say the merge has been gradual to allow for study, development, and implementation.
Ether, the Ethereum blockchain asset, has gained about 80% in the last month, including 10% in the last 24 hours, to $1,875. It’s down half this year.
One of Ethereum’s testnets, Goerli (named for a Berlin train station), mirrored the mainnet’s September process.
Testnets let developers try new things and make modifications before main blockchain updates. Wednesday’s exercise revealed that proof-of-stake reduces the energy needed to verify a block of transactions and that the merger process works.
Josef Je, a former Ethereum Foundation developer who now manages PWN, stated Goerli has a bottom-up testnet.
Je said it’s the most popular testnet, and proof of stake on Goerli will be almost equivalent to mainnet.
Goerli is “the closest to mainnet, which can be beneficial for testing smart contract interactions,” according to the Ethereum Foundation’s blog.
Tim Beiko, Ethereum’s protocol coordinator, claimed they knew “within minutes” if a test was successful. In the hours and days ahead, they’ll still look for setup flaws to fix.
“We want the network to finalize and have a high participation percentage among validators,” added Beiko.
Participation rate is the easiest indicator to track, Beiko noted. If the numbers drop, developers must find out why.
Transactions are another matter. Ethereum groups transactions into blocks. Beiko said blocks with transactions indicate the test went properly.
Last, make sure more than two-thirds of validators are online and agree on the chain history. Under normal network conditions this takes 15 minutes, says Beiko.
If those three things seem excellent, there’s more to check, but things are moving nicely, said Beiko.
The Ethereum community has been testing proof-of-stake on a chain called beacon since December 2020. Beacon solved critical issues.
Beiko said the original idea needed validators to hold 1,500 ether, worth $2.7 million. The new proof-of-stake proposal requires only 32 ether, or $57,600.
“It’s not trivial, but it’s more accessible,” Beiko added.
Other events have shaped Wednesday’s test. Ethereum’s longest-running testnet, Ropsten, united its proof-of-work and proof-of-stake chains in June. It was the first big dry run for the mainnet’s planned process next month.
Beiko said testing the merge ensured that Ethereum’s software was reliable and that everything built on top of the network was ready for the changeover.
Blockchain Bridges In Trouble
Another day, another hack, and another bridge on the blockchain is destroyed.
Last week, thieves stole an estimated $190 million from American crypto business Nomad. It was the eighth heist of 2022 to target blockchain “bridges,” which are lines of code that help transfer cryptocurrency between different applications.
According to statistics from London-based blockchain analysis company Elliptic, hackers have already stolen cryptocurrency worth over $1.2 billion from bridges this year, more than double the amount they did last year.
Ronghui Hu, an associate professor of computer science at Columbia University in New York and co-founder of the cybersecurity company CertiK, stated, “This is a conflict where the cybersecurity firm or the project can’t be the winner.”
“We have so many initiatives to safeguard. When they examine a project and discover no bugs, they (hackers) can just go on to the next one until they identify a weak spot.”
Currently, the majority of digital tokens operate on their own distinct blockchain, which functions as a kind of online ledger for cryptocurrency transactions. When initiatives using these coins get isolated, their chances of being widely used are decreased.
Blockchain bridges seek to topple these barriers. In “Web3,” the much-hyped vision of a digital future where cryptocurrency is integrated into online life and commerce, backers claim they will play a crucial role.
The Nomad hack ranked as the eighth-largest cryptocurrency theft ever. A $615 million theft from Ronin, which was utilized in a well-known online game, and a $320 million theft from Wormhole, which was used in so-called decentralized banking applications, are two other bridge thefts that have occurred this year.
According to Steve Bassi, co-founder and CEO of malware detector PolySwarm, “Blockchain bridges are the most fertile ground for new vulnerabilities.”
Support has been given to Nomad and other businesses who produce blockchain bridge software.
Nomad, situated in San Francisco, claimed to have received $22.4 million from investors just five days before being hacked, including prominent exchange Coinbase Global (COIN.O). Pranay Mohan, co-founder and CEO of Nomad, referred to its security methodology as the “gold standard.”
To monitor the stolen funds, it has stated that it is collaborating with law enforcement organizations and a blockchain analysis company. It announced a reward of up to 10% for the return of money stolen from the bridge late last week. It announced on Saturday that it had so far recovered more than $32 million of the funds stolen.
The restoration of bridging user cash is our first priority, and community is what matters most in cryptocurrencies, according to Mohan. “Any party that reimburses 90% or more of monies that were misused would be regarded as a ‘white hat.’ White hats won’t be charged by us,” he claimed, making reference to purportedly moral hackers.
According to recent discussions with several blockchain and cyber security experts, bridges’ intricacy makes them potentially vulnerable points for projects and apps.
According to Ganesh Swami, CEO of blockchain data company Covalent in Vancouver, which had some cryptocurrency stored on Nomad’s bridge when it was hacked, “one reason why hackers have targeted these cross-chain bridges in recent times is because of the immense technical sophistication involved in creating these kinds of services.”
Some bridges, for instance, alter crypto coins to make them interoperable with various blockchains while keeping the original coins in reserve. Others rely on smart contracts, intricate agreements that automatically complete transactions.
All of these could have bugs or other weaknesses in the programming that could open the door to hackers.
So how should the issue be handled?
According to some experts, audits of smart contracts and “bug bounty” programs that reward open-sourced assessments of smart contract code could help prevent cybercrimes.
Others argue that reducing the concentration of control over the bridges in a few organizations would increase their resilience and code openness.
Because they frequently use a centralized infrastructure that typically locks up assets, cross-chain bridges are a tempting target for hackers, according to Victor Young, founder and chief architect of U.S. blockchain company Analog.