Solana's $6M Hack: How to Protect Your Money with the Bitget Protection Fund

August 3, 2022 was a dark day for the crypto world. Panic and chaos struck as a mass attack swept the burgeoning Solana blockchain. A total of 8,000 wallets were hacked and 6 million USD drained. What happened that day and how could we avoid such a horrendous attack from happening again?

When A Mid-Summer Dream Turned Nightmare

Solana was a new and thriving blockchain. It was ranked the top 5 blockchain by total value locked. It was a night in Solana Summer Camp Hackathon that promised 5 million USD in prize and funding. Thousands of people rejoiced around the world to "meet up with hackathon builders, find teammates, and learn about developing on Solana". All was going well…

At approximately midnight of August 2 (UTC), words started to circulate about wallets on the flourishing Solana blockchain being drained. As more and more people came to social media to report their lost funds, fear quickly casted a looming shadow over the whole crypto market. Fear led to panic, panic led to questions and rumors.

Is it a targeted attack? Or is it done indiscriminately?

How many wallets have been affected?

Will the attack stop? When will it stop?

Is a Solana-specific bug the cause? Or what are the contributing factors?

Words began to spread mid-night August 2 that a widespread attack on Solana was happening

The commotions were bewildering. Getting truth from noise at that time was no easy feat. But one thing was becoming crystal clear: that a specially designed smart contract to alter the network or wallets for mass attack was not the case; the affected wallets were signing and approving transactions as the very owners. The reality was a far more worrying case, as thousands of wallets' private keys were compromised. Did Solana have an innate bug that disclosed private keys? Since most hacked wallets were on mobile, was it a mobile-specific vulnerability? Or since many hacked wallets were Slope's, was it a certain wallet's error?

While people were flocking to find the cause of leaked private keys, a Github widespread malware attack was discovered at the same time, targeting many crypto-related projects and making that night a mid-summer nightmare.

Information about Github malware attack happening simultaneously as the Solana wallet hack added fuel to the chaotic fire.

The Github team was quick to jump in and resolve the problem. It turned out that one developer found a problem with Github and was attempting to test-exploit it on one variable. That developer even claimed to be able to prove the attack server was his and he could prove it. In the end, the Github attack was blown out of proportion and had nothing to do with the Solana one. But talk about perfect timing, it sure added to the chaos and fear.

As the crypto community flocked to understand the Solana hack, a heroic individual took it upon himself to overwhelm the network and slow down the attacker in a DDOS attack. People on crypto Twitter hailed him as "the hero we need but don't deserve".

The massacre slowly came to an end while the sun was peeking over the horizon. When the sun glared at the top of our head, Solana left everyone with a promise to gather "[e]ngineers from across several ecosystems, in conjunction with audit and security firms, [...] to investigate the root cause of [the] incident".

Solana Co-founder and Solana Lab CEO, Anatoly Yakovenko, was quick to blame iOS and Android for the attack on his personal Twitter account. Then after a seemingly more profound investigation, Solana concluded that: "it appears affected addresses were at one point created, imported, or used in Slope mobile wallet applications."

Slope Finance since then has issued an official statement regarding the attack on their Medium and put up a bounty worth 10% of the total hacked amount with the condition that the original hacker returned 90% of the total hacked amount. Whether that desperate bounty is effective, we shall see.

The Solana Foundation also created a form to collect information about the compromised wallets during the mass attack. Affected users should fill out the form here.

The Aftermath

Solana's backers like Chamath Palihapitiya and Andreessen Horowitz said that Solana could be a great challenger to Ethereum, since the former is superior in speed and fee. But after this attack, a good old question is raised: "Is cheaper and faster necessarily better when that makes the blockchain a perfect target for hackers?"

Even though the SOL price dropped only 3% since the massacre happened and the activity was restored to normal, crypto users are still bugged with how to better protect their money.

How to Protect Your Money Against Malicious Crypto Attacks

Crypto and DeFi are often boasted as the future of finance by many believers, but it cannot be denied that security is still a problem for both crypto users and non-crypto users. Regulations are starting to be implemented in different parts of the world to better protect crypto investors. Yet, in this wild-west industry, DYOR (do-your-own-research) and protecting yourself should be the first thing that comes to mind.

For new investors, you should read about different kinds of crypto wallets here.

After the recent Solana incident, many users have come to social media to demand Solana and Slope return their money. While it is difficult for users to lose their hard-earned money, it is also difficult for such projects to churn out millions of dollars to compensate their users all at once. That's probably why Slope has that bounty in vain.

Instead of telling the attacker to pay back your money, you should think about insurance or other types of protection that 100% guarantee to mitigate the risk of money loss. Bitget's 200- million-USD Protection Fund is a notable example. The fund, which consists of 6000 BTC and 80 million USDT, will have its value secured for the next three years. It will cover loss for users if such loss is not a consequence of the user's or the platform's behaviour. In that case, the user may contact [email protected] within 30 days of the incident, and the Bitget team will conduct a thorough investigation to ensure fairness and security for the user.

To best protect our user's money, 80 million USDT is available in the Fund to reduce volatility and the Fund is totally self-funded to work efficiently without external bureaucracy.

Also, Bitget implements stringent KYC and AML policies, and rigorously follows local compliance regulations, with the aim of strengthening its standards, establishing utmost security, and maintaining a regulated operation.

To find out more about Bitget's Protection Fund, please visit here.

Follow Bitget Academy for more insights:

Twitter | Telegram | LinkedIn | Facebook | Instagram