Amid the early chaos and confusion of the Solana wallet hack, white-hat hackers took matters into their own hands to slow down the attack.

vigilantes, rpc, slope, crypto wallet, blockchain, solana, hack, ddos

In brief

  • Thousands of Solana wallets were drained in a widespread hack that’s now being blamed on an exploit with the Slope mobile wallet.
  • White hat hackers spammed “malformed” transactions to slow the Solana attackers, but it knocked out RPC servers in the process.

We’re starting to get answers about the large-scale Solana wallet hack that saw nearly $4.5 million worth of crypto being swiped from several thousand total users. But on Tuesday night, there was another interesting situation in the mix—one that saw some users try to fight back against attackers through brute force.

During the initial hours of the hack—which is now being blamed on an exploit tied to the Slope mobile wallet—developers and security auditors congregated to try and figure out what was happening and how they might mitigate it. One unidentified developer apparently suggested a solution that could impede the attackers.

According to SolBlaze, the pseudonymous founder of a Solana staking pool of the same name, the developer proposed using a previously-created script that “would try and write-lock the attacker's accounts, slowing their transactions down.”

Essentially, any transaction that makes a change to an account on the Solana blockchain—such as a balance change—will put a brief write-lock on that account, explained Michael Hubbard, founder and managing director of Solana validator operator, Laine.

“The dev thought they could trigger constant write locks on the hacker’s accounts,” said Hubbard, “thereby preventing the hacker's transactions from executing successfully.”

Explorer rpcs hit an odd bug. A grey hat hacker tried to dos the hackers wallets and sent a flood of malformed txs. When users clicked into them on the explorer there was an explorer specific parser bug and that rpc would crash.

— SMS T◎ly, 🇺🇸 (@aeyakovenko) August 3, 2022

An unknown number of white hat (or perhaps gray hat) hackers used the developer’s script to spam what Solana co-founder Anatoly Yakovenko has described as “malformed” transactions to the hackers’ accounts. It was similar to a distributed denial-of-service or DDoS attack.

SolBlaze believes that at least five to 10 users were involved in the spamming campaign, but the script was shared to a few hundred people—so it could have been more.

The technique may well have helped, at least in one way. SolBlaze said that only 300 wallets were affected by the draining exploit during the hour that the spam bots ran, as opposed to about 2,000 per hour beforehand. “We do have significant evidence that this spamming did slow down the hacker,” they said.

However, it caused a big problem too: RPC servers, which facilitate network traffic, started crashing as a result. Hubbard said this wasn’t an intentional move. Instead, the process unearthed a bug related to how RPC servers handle requests, which caused some servers to crash. Yakovenko tweeted that he created a patch to resolve the problem.

PLEASE DO NOT DDOS RPC SERVERS! IT ONLY MAKES IT HARDER FOR SOLANA AND DEVS TO DIAGNOSE THE ISSUE.

— SolBlaze.org | Stake with us! (@solblaze_org) August 3, 2022

With some RPC servers down, it became difficult for users to access the Solana network, and blockchain explorer tools struggled as well. That might have slowed down the attackers, but it impacted a lot of other people as well—including users who sought to transfer funds, and developers and security specialists trying to diagnose the attack.

“It was making it difficult to use explorers to track the attacker’s transactions, and also making it tough for people to move their funds from their wallet over to a more secure location,” SolBlaze told Decrypt. They said that representatives from Solana Labs and RPC providers asked people in their “war room” to stop spamming transactions at the attacker’s wallets.

The Solana Status page notes that the Solana blockchain itself remained online during the situation, but that some RPC nodes and explorer functionality were hindered. Even so, there were many mocking tweets about the stability of the Solana network, harkening back to past occasions when Solana actually did falter and crash.

lmao you can't make this up – some madlad started DOSing the hacker which caused the RPC nodes to start failing

FYI – the chain is fine pic.twitter.com/AzbEvFLft4

— mert | Helius ☀ (@0xMert_) August 3, 2022

“The FUD on Twitter was a bit overblown about the chain halting,” former Coinbase engineer and Helius co-founder Mert told Decrypt. “FUD” is an acronym for “fear, uncertainty, and doubt,” and is typically used to describe antagonistic criticism, or deliberate misinformation, from rivals in the crypto space.

Ultimately, the RPC servers were patched and came back online, and access issues around the Solana network ceased. Developers and security experts continued working to figure out the cause of the issues, and this afternoon, the Solana Foundation blamed an exploit tied to the mobile software wallet, Slope.

The DDoS-like transaction spamming caused some temporary collateral damage, despite the apparently constructive aims, but SolBlaze suggests that it was a beneficial campaign overall.

“We do believe that there was a net positive impact, though,” they said, “as the attacker was significantly hindered.”

Stay on top of crypto news, get daily updates in your inbox.

TECH NEWS RELATED

vivo V25 release: Dimensity 900 SoC, 6.44-inch 90Hz AMOLED display and 44W fast charging

vivo Malaysia recently confirmed that the vivo V25 will be coming to Malaysia on 29 August 2022 and we won’t have to wait long to know its specs as the same device was recently released in India too. Unlike the V25 Pro, the vanilla V25 is powered by a ...

View more: vivo V25 release: Dimensity 900 SoC, 6.44-inch 90Hz AMOLED display and 44W fast charging

How to throw a touch pass in Madden 23

Image via EA Sports Even though EA has introduced a new mechanic for current-gen users with Skill-Based Passing, the types of passes are still the same. Madden 23 features three kind of passes: bullet, lob, and touch passes. So, how does one perform a touch pass in Madden NFL ...

View more: How to throw a touch pass in Madden 23

How to earn and spend Black Gold in Tower of Fantasy

Image via Hotta Studio Another of the seemingly endless currencies in Tower of Fantasy, Black Gold is nonetheless a vital part of progressing your SSR Weapons to higher star values. The first time you get an SSR Weapon — Samir, Huma, Tsubasa, Zero, etc. — they’re at zero stars ...

View more: How to earn and spend Black Gold in Tower of Fantasy

Fortnite Chapter 3 Season 3 Week 11 seasonal quests and challenges

Screenshot by Gamepur Another week means another new batch of challenges in Fortnite Chapter 3 Season 3, and Week 11 may just be the most unique yet. Rather than having an overall theme, the quests in this set wildly differ from one another, so it shouldn’t feel as repetitive ...

View more: Fortnite Chapter 3 Season 3 Week 11 seasonal quests and challenges

Madden 23: How to create and use custom rosters

Image via EA Sports YouTube Madden 23 is now live worldwide, and much like with previous games, players can get pretty creative with the roster construction of each team. That’s because users have the ability the create and use custom rosters that can be made either by the user ...

View more: Madden 23: How to create and use custom rosters

We could see the new Apple iPhone 14 series on 7 September 2022

Every year, Apple hosts its next Apple Event in September. While there’s no official announcement yet, Mark Gurman from Bloomberg thinks the company would have it on 7 September 2022. Almost a week after that, the sales could happen on 16 September 2022. Obviously, we would be seeing the ...

View more: We could see the new Apple iPhone 14 series on 7 September 2022

Madden 23: How to unlock MUT Champions

Image via EA Sports Now that Madden 23 is out, it’s clear that as far as online play options in Madden Ultimate Team (MUT) are concerned, there’s a lot of change. Weekend League is a thing of the past, as MUT Champions has taken its place. MUT Champions is ...

View more: Madden 23: How to unlock MUT Champions

The best kart, tire, and glider setups in Mario Kart 8 Deluxe

Image via Nintendo When you choose your kart driver in Mario Kart 8 Deluxe, it is likely you will pick your favorite character from the roster. However, who you choose and the equipment they use will all factor into your overall performance while racing. Here is our recommendation of ...

View more: The best kart, tire, and glider setups in Mario Kart 8 Deluxe

The latest Anime Cross 2 Codes and how to enter Giftcode

Twitch's zero-explanation bans continue to baffle streamers, this time a popular VTuber

The next Apple Watch you pick up might be manufactured in Vietnam

Some of the latest Dai Hiep Story Code and how to enter Code

The best Genshin Impact Collei build - Collei weapons, artifacts, and F2P options

Chinese Parents to Use Digital CNY ‘Smart Contracts’ to Pay for After-school Lessons

AscendEX Lists Betswap.gg (BSGG), a DeFi Betting Exchange

How to enter Code of War God Rises to receive gifts

Summary of Super Power Snake Life Code and how to enter Giftcode

Canadian Pension Fund Writes Off $150M Celsius Loss, Believes They Entered Crypto “Too Soon”

How to activate Omnium Induction Plates in Tower of Fantasy

Madden 23: How to get Skill Points and upgrade coaches in Franchise Mode

OTHER TECH NEWS

Top Car News Car News