Following a major hack in Solana-based wallets in the early hours of August 3, Indian cryptocurrency exchanges said it’s unlikely to impact all Indian Solana traders unless they were using one of the impacted wallets.
Nearly 8,000 wallets were hacked and investors stand to lose over $7 million across Solana-based wallets including Phantom, Slope, and TrustWallet. Several Solana-based tokens like SOL, SPL, and others were stolen.
To give a perspective, Solana is one of the more popular cryptocurrency tokens traded in India. As per CoinSwitch’s CRE8 index, it has been the sixth largest token to be traded in the country over the past 28 days. This, despite more than 10 network outages seen with the token and its blockchain over the last year.
But for the existing traders and holders of the token, the good news is, that this was only limited to certain ‘inactive’ but internet-connected Solana-based hot wallets like Phantom, Slope, and TrustWallet. The phantom wallet was also inactive for the past six months, industry experts said.
What went wrong?
“It is speculation as to who exactly is behind this and what the motive is, but it seems that either there has been like a major private key compromise or a seed phrase compromise that has resulted in such a widespread hack,” Parth Chaturvedi, Crypto Ecosystem Lead, CoinSwitch told Moneycontrol.
“In the case of Solana, it's a wallet related hack. In crypto, there are two concepts that are very important. One is the private key concept. So if you want to access your digital assets, you have to use the private key. Generally, when wallets are being set up, you set up a recovery phrase or a seed phrase. So If I've lost my private key, I can use the recovery seed phrase to generate that key again. In this particular hack, there has been a compromise on the seed phrase,” he explained.
Use hardware Wallets
While there’s no legal framework to penalise the hackers or protect the investors in the crypto world, this incident’s major takeaway is the fact that internet-linked hot wallets are not secure after all.
According to industry experts, top Indian exchanges usually offer a ‘custodial wallet’, which means the wallet and its private keys are managed by a trusted third party who secures the investors’ funds and returns them if you want to trade or send them elsewhere. In India, these third parties would be the exchanges.
Either way, investors should opt for hardware or cold wallets, which is can operate offline like USB drives and needs to be plugged into a computer to sign transactions. Though slow and cumbersome as compared to internet-linked wallets but definitely more secure.
“It is not Solana network itself that is getting hacked but the wallets which support Solana. It is important for users to use well-established and safe wallets and be cautious not to install unwanted apps on their computers and mobiles. We do have our share of Solana holders in India and thus should have affected us as well,” Sathvik Vishwanath Co-Founder and CEO Unocoin told Moneycontrol.
Prashant Kumar, Founder, WeTrade added, “The initial signals point to compromised keys which are evident by the digital footprints which are apparently signed by the respective owners. One of the key things to learn through this is to ensure 100% privacy of the private keys and some users have started to move their coins to hardware wallets.”