Ditch hot wallets, experts tell crypto holders after Solana hack
Damien Black Updated on: 04 August 2022

Crypto experts have reacted with dismay to the recent hack of Solana that robbed users of some $8 million, with many calling for investors to swap convenience for security and trade the more easily hackable hot wallets for cold ones kept offline.

Others have gone further still, pointing to the inherent vulnerability that cloud-based technologies and bridges between crypto platforms pose, with end users being the ultimate victims. Calls are growing for increased state regulation of the beleaguered industry, which has suffered breaches costing it well over $1 billion this year alone.

“I’ve been saying it for years, but it just isn’t wise for investors to leave their assets in a hot wallet,” said Modulus CEO Richard Gardner. “Yes, cold wallets aren’t nearly as convenient for making transfers, but they don’t represent an easy target for hackers either. Use your cold wallet. Take charge of your custody. Right now, custodians and exchanges aren’t doing enough to keep your assets safe.”

He added: “It amazes me that, no matter how many hacks occur, investors still prefer a hot wallet for convenience’s sake. Solana is one of the largest blockchains by value. Whether they or their third-party vendor were attacked is neither here nor there. If Solana can be breached, there’s no safe space. Until the government offers the industry a set of guidelines to keep this from happening, it will continue to happen.”

Dominic Williams, chief scientist at DFINITY, pointed to inherent vulnerabilities in cloud-based technologies that presented easy targets for unscrupulous hackers.

“The latest Solana security issue once again proves how if you introduce ‘trusted intermediaries’, they will get hacked,” he said. Rather than live up to that trust, bridge technology has been plundered by cybercriminals in the past six months.

“Metamask-style wallets are hosted on a cloud, like the Google Chrome Store,” said Williams. “They are updated by trusted intermediaries, rather than algorithms, and interact with the cloud. What all of this means is that bridges can be hacked very easily.”

He added: “This is a consequence of people using centralized technology in blockchain and pretending it is real crypto. Continued hacks of this nature should inspire people to focus on internet identity, chain key cryptography, and generating alternative offerings to bridges.”

Crypto bloodied but not beaten

But despite such horrendous losses, other industry experts are predicting that crypto will weather the storm, albeit amid much infighting between competitors.

Matt Kordex, CEO of blockchain access provider Lisk, said that with the cryptocurrency market currently enjoying a “locked valuation” of roughly $14 billion, the loss suffered by Solana constitutes “a drop in the ocean.”

“The problem here lies rather in the large number of likely real-world users of Solana affected,” he said. “This hack is a consecutive security problem with their platform that will cause confidence in the platform to decrease. It showcases that the Solana user experience is not where it needs to be, as users still have to use multiple wallets or browser extensions to interact with blockchain applications.”

He added: “There is still a long way to go until this experience is seamless. Unfortunately, this news will be overblown and used to spur further market fear, especially amongst Bitcoin maximalists who will use it to attack other Layer One [cryptocurrency providers].”

Roland Graus of Agoric agreed that the DeFi industry as a whole would prove resilient, while pointing out that the Solana hack remains something of a mystery that bears further scrutiny.

“It’s important not to jump to too many conclusions since the root cause of the hack is still unknown,” he said. “However, the unknown cause itself has caused this hack to generate a lot of fear. It will certainly serve as a wake-up call for users to better secure their assets, for example using hardware wallets. Despite this, I don’t expect much impact on the wider market. We’ve shrugged off far larger exploits without a hitch.”

Urgent regulation required

Gardner had some praise for the introduction of the Regulation of Markets in Cryptoassets (MiCA) by the EU this year, which had in turn encouraged the US and UK to revisit their own guidance regimes, but stressed that this was not enough to deal with the urgent set of crises facing DeFi.

“The EU put together MiCA, and that’s really pushed the UK and the United States to move faster than they anticipated on digital asset regulatory reform,” he said. “But even MiCA has an extended runway. The industry really needs guidance immediately.”

He added: “Every day that passes allows exchanges, custodians, and other operators to move forward without safeguarding their customers completely. What we need is something with teeth that instructs the industry to implement best practices throughout their organization.”

Gardner called for sounder tech to safeguard investor assets, a crackdown on the types of human error that facilitate most hacks, and for exchanges to be redesigned to better resist threat actors.

“So many exchanges were built to get to market quickly, and they did that. But they never spent the required time to actually ensure that their exchange was technologically sound,” he said.
