4 things to learn from the embarrassing Slope hack at Solana

Now we know: The hack that emptied thousands of user wallets (more than 8,000 at the time of writing) on cryptocurrency platform Solana wasn’t the result of some kind of widespread system failure. It was very likely due to extremely poor security practices by cryptocurrency wallet provider Slope.

According to the security company Otter, the hack was caused by Slope sending users’ seed phrases in clear text to a centralized server. A seed phrase corresponds to a private crypto-key; it’s a series of words that “unlock” the funds in a crypto wallet so that whoever owns the phrase can do whatever they want with them. “Clear text” means these phrases were sent unencrypted over the internet, making them an easy target for hackers.

In short: Slope did something no company should ever do, and it cost users more than $4 million. (For the record, Slope said in an official statement that “nothing is yet firm” regarding the hack; however, several other experts agree with Otter.)

The number is not huge in the world of cryptocurrencies, where multi-million dollar hacks are common. But the hack was a nightmare for crypto users, as people’s funds just started randomly disappearing from their wallets, and it took almost a day for security experts to catch up and figure out what had happened.

So what can you do to ensure that such incidents do not affect you in the future? No strategy is foolproof, but here is some advice.

1. Software cryptocurrency wallets can be ridiculously bad when it comes to security

You’d think that a company specializing in crypto wallets wouldn’t even send emoji unencrypted, but you’d be wrong. Slope appears to have committed one of the worst offenses possible by sending users’ seed phrases unencrypted over the internet.

The lesson to be learned here is this: Even when a company says that security is a priority; even when operating in a space where safety is extremely important; even when they pinky swear that your money is safe, you still need to be vigilant.

2. All the cryptography in the world doesn’t help when there is a weak link

When you set up a crypto wallet, you’ll usually get messages telling you to keep your seed phrase and private key safe and not show them to anyone. You may also see notes that there is advanced cryptography at work here, and that if you lose both your seed phrase and access to your private key, you will never be able to get your money back.

While that may be true in some cases, the most advanced cryptographic security measures will be of little use if the wallet itself mishandles your seed.

3. Use a hardware wallet if possible

[Image: Ledger Nano X. Ledger offers a hardware wallet that works with Solana. Credit: Ledger]

A hardware cryptocurrency wallet is a device, often similar to a USB stick, that allows you to hold, spend, and receive cryptocurrency. It usually offers more security than a software wallet, although it is a bit more complicated to use.

When the Slope attack began to hit user wallets, both Solana and Slope advised users to transfer their funds to a hardware wallet. It’s good advice in principle, but most users don’t have a hardware wallet handy, and ordering one online and receiving it usually takes a few days.

So one thing you can do, especially if you handle significant amounts of crypto, is order a hardware wallet before disaster strikes. Companies like Trezor and Ledger offer one. However, keep in mind that even hardware wallets can have security holes, and the companies that make them can have poor security practices. For example, Ledger had a terrible data leak where hackers obtained users’ names, home addresses and other data. On the other hand, Trezor, which has a good security record, does not support Solana as of this writing.

4. Sometimes a centralized exchange can save you

In crypto, there is a saying: Not your keys, not your coins. That means if you keep your coins with a third party, such as a centralized crypto exchange, you don’t really control what happens to them.

However, in the case of yesterday’s Slope hack, the best thing you could do to protect your coins (if you didn’t have access to a hardware wallet) was to send them to an exchange like FTX or Binance, as those exchanges were unlikely to be affected by the same problem. As a quick safety measure, it was a decent option; you can always move your coins elsewhere after the dust settles.
