Over 8,000 Solana wallets were hacked, resulting in a multimillion-dollar loss, and there is still no clue who the hackers are!
Solana, due to its outstanding feature of speedy transactions, has been the most popular blockchain among crypto users. But after this tragic incident that took place just a few months back, people have started losing their trust in crypto wallets.
Imagine all your money vanished in just a blink of an eye!
According to Solana’s Twitter post, around 8,000 or more wallets on the Solana network had their money stolen by an unknown hacker. The loss up to this point is reportedly about $8 million.
However, the attack wasn’t limited to Solana. The ‘hot’ wallets, or wallets like Phantom, Slope, and TrustWallet that are constantly linked to the internet and allow users to store and send tokens with ease, were also compromised.
The reason for the attack remains unclear, but Emin Gün Sirer, the creator of another well-known blockchain, Avalanche, and other industry leaders pointed out that the transactions were properly signed. That means the vulnerability may have been caused by a ‘supply chain assault’ that succeeded in stealing users’ private keys. They suggested that removing wallet approvals won’t help; instead, something has caused a widespread private key compromise.
Top Lessons Learnt from this Major Hack on Solana!
#1. Use Multisig Wallets
Adding an extra layer of security is not a bad idea, especially when your money is involved.
In traditional business, when a company depends too much on one person to succeed, it’s termed “key person risk”. Crypto businesses are vulnerable to a very literal version of this risk.
Thankfully, multi-signature cryptocurrency wallets come with a built-in mechanism for managing this type of risk. Multi-signature wallets are cryptocurrency wallets that require the signing and sending of a transaction with two or more private keys. The storage method requires multiple cryptographic signatures to access the wallet.
Take the example of a bank safe that needs multiple keys to open. To some extent, that is how multi-signature cryptocurrency wallets operate.
You have the option to specify the minimum number of keys required to unlock the vault as well as how many keys are permitted to open it.
Let’s say 3 people have set up a multi-sig wallet where each of them owns one key. The transaction can only be issued if two of the three keys are present. User 1 initiates a transaction by signing it with his key, and the other users receive a pending request in their dashboards to approve it.
Whichever of the remaining users signs first can execute the transaction successfully, even if the last user hasn’t signed it yet.
Multisig ensures that no single person in the firm can unilaterally withdraw funds from the account. You can set the minimum number of signatures required to execute a transaction. The more signatures required to complete a transaction, the more distributed the decision-making process can be. Hence, hackers will need to crack multiple keys to steal money from the account.
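The 2-of-3 flow described above, as an added example (not code from any wallet named on this page): a pending transaction collects owner signatures and executes once the threshold is met, while a repeated signature, a non-owner's signature, and a signature over a different transaction do not count. Lamport one-time signatures built from SHA-256 stand in for a wallet's real signature scheme so the block runs on the Python standard library alone; `PendingTx`, the user names and the payload strings are constructed for illustration.

```python
import hashlib
import secrets

def H(b):
    return hashlib.sha256(b).digest()

def keygen():
    # Lamport one-time key: 256 secret pairs; the public key is their hashes.
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]

def bits(msg):
    d = int.from_bytes(H(msg), "big")
    return [(d >> i) & 1 for i in range(256)]
def sign(sk, msg):
    return [sk[i][b] for i, b in enumerate(bits(msg))]
def verify(pk, msg, sig):
    return len(sig) == 256 and all(
        H(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, bits(msg))))

class PendingTx:
    def __init__(self, owners, threshold, payload):
        if not 1 <= threshold <= len(owners):
            raise ValueError("threshold must be between 1 and the number of owners")
        self.owners, self.threshold, self.payload = owners, threshold, payload
        self.approved, self.executed = set(), False

    def approve(self, name, sig):
        pk = self.owners.get(name)
        if pk is None or not verify(pk, self.payload, sig):
            return False          # unknown signer, or signature not over this payload
        self.approved.add(name)   # a set, so one owner signing twice counts once
        return True

    def execute(self):
        ok = not self.executed and len(self.approved) >= self.threshold
        self.executed = self.executed or ok   # a met threshold executes exactly once
        return ok

def demo():
    keys = {n: keygen() for n in ("user1", "user2", "user3", "outsider")}
    owners = {n: keys[n][1] for n in ("user1", "user2", "user3")}
    pay, other = b"pay vendor 10; nonce=1", b"pay unknown 10; nonce=1"  # constructed
    tx = PendingTx(owners, 2, pay)
    s1 = sign(keys["user1"][0], pay)
    return [tx.approve("user1", s1), tx.approve("user1", s1), tx.execute(),
            tx.approve("user2", sign(keys["outsider"][0], pay)),
            tx.approve("user3", sign(keys["user3"][0], other)),
            tx.approve("user2", sign(keys["user2"][0], pay)),
            tx.execute(), tx.execute()]
```

`demo()` returns the outcome of each step in order: user 1's approval alone cannot execute, the two invalid approvals are refused, and the transaction executes only after user 2's valid signature, and only once.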
#2. Aptos is Way More Trusted than Solana
Aptos, also termed ‘the Solana Killer’, is a new layer-1 network whose technical design addresses some of Ethereum’s limitations and Solana’s frequent outages.
The Aptos blockchain is created with the Move programming language that’s best known for fixing some of the consistent issues with Ethereum including the scalability trilemma and Ethereum’s inability to perform parallel processing.
Solana, because it is a parallel processing blockchain, can handle a large number of transactions, but network downtime has been a major issue with it.
None of these constraints will apply to the Aptos blockchain because it processes data at a rate of approximately 160,000 TPS. Aptos plans to reduce transaction fees by deploying a parallel execution engine (Block-STM).
Parallel processing allows all transactions to be executed and validated concurrently. Failed transactions have no effect on the chain: STM (software transactional memory) libraries cause failed transactions to be halted and re-executed.
Besides that, the Aptos network has an added layer of security on top of its great scalability and dependability. All assets can be managed independently on-chain, thanks to its programming language, MOVE.
As a result, it is difficult to duplicate or delete an asset once it has been created, and common Ethereum attacks such as re-entrancy are no longer possible on the network.
In the wake of the latest Solana crypto thefts, it’s important to consider using a multisig wallet, most preferably on Aptos Blockchain.
Introducing Momentum Safe (MSafe) Multisig Wallet on Aptos/MOVE Ecosystem
MomentumSafe is the first, most secure and extensible multi-signature wallet solution on the MOVE ecosystem, currently LIVE on Aptos DevNet & TestNet. It enables users to increase the security and decentralization of their MOVE assets, resources, and code.
MSafe supports a wide range of functionalities, including:
- Treasury management
- MOVE module deployment
- MOVE module admin controls
- DApp integration
Founded by a highly accomplished team of engineers, Wendy F (former senior engineer of Diem’s Novi Wallet team) and Jacky W (former Sr. Blockchain Engineer in Harmony), Momentum Safe is designed to be a safe, open, extendable multi-sig wallet that’s most suitable for individuals, enterprises, and organizations.
The primary goal is to enhance the security of the Move ecosystem by adding another layer of security to protect user wallets, assets, code, and accounts, and to provide secure infrastructure that supports legitimate businesses, projects, and DAOs running on MOVE. The future goal is to bridge the gap between web2 enterprises and the web3 space.
MSafe will not be just a wallet that helps enterprises manage their assets but also a service that takes care of all the financial services an enterprise needs, such as accounting and recurring payments.