Daily Recap #8

Solana hack updates and other crypto news

1. Solana hack

Since August 3, over 9 thousand Solana wallet addresses have been compromised in an attack. The hacker, identified by 4 wallet addresses, was able to drain all of the affected wallets, with estimated total assets of at least $4 million.

Users of both Phantom and Slope wallets were affected, but after an investigation by developers, ecosystem teams, and security auditors, it appears affected addresses “were at one point created, imported, or used in Slope mobile wallet applications”.

It has been confirmed that Slope’s mobile app sent mnemonics in plain text to the company's centralized Sentry server (used for monitoring). TLS protected the connection in transit, but the mnemonics themselves were not encrypted, which means anybody with access to Sentry could access user private keys.
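A client-side safeguard against this class of leak is to scrub telemetry events before they leave the app. The sketch below is an added example, not Slope's or Sentry's code: the key names, the `scrub` helper and the sample event are assumptions, and the `before_send(event, hint)` shape follows the hook accepted by the Python `sentry_sdk.init(before_send=...)` (the page does not say which SDK Slope used).

```python
import re

# Key names whose values must never leave the device (assumed naming; adapt to the app).
SENSITIVE_KEYS = re.compile(r"mnemonic|seed|private[_-]?key|secret", re.I)
# BIP-39 phrases are 12 to 24 lowercase words of 3 to 8 letters each. Any run of
# 12 or more such words is redacted: over-redacting prose is safer than leaking a phrase.
WORD_RUN = re.compile(r"\b[a-z]{3,8}(?:\s+[a-z]{3,8}){11,}\b")
REDACTED = "[redacted]"

# Constructed sample event; the phrase is the public all-zero BIP-39 test phrase.
PHRASE = " ".join(["abandon"] * 11 + ["about"])
SAMPLE_EVENT = {
    "message": "wallet import failed",
    "extra": {"mnemonic": PHRASE, "request_body": "phrase=" + PHRASE + "&name=main"},
    "breadcrumbs": [{"message": "user tapped import"}],
    "tags": {"os": "android"},
}


def scrub(value, key=""):
    """Recursively redact sensitive keys and mnemonic-shaped strings."""
    if SENSITIVE_KEYS.search(key):
        return REDACTED  # the key name alone is enough to drop the value
    if isinstance(value, dict):
        return {k: scrub(v, str(k)) for k, v in value.items()}
    if isinstance(value, (list, tuple)):
        return [scrub(v, key) for v in value]
    if isinstance(value, str):
        return WORD_RUN.sub(REDACTED, value)  # catches phrases hidden in free text
    return value


def before_send(event, hint=None):
    """Return the scrubbed event; the SDK sends whatever this hook returns."""
    return scrub(event)


if __name__ == "__main__":
    print(before_send(SAMPLE_EVENT))
```

The word-run match is a heuristic: it does not check words against the BIP-39 list, so the safest control remains never passing wallet secrets to logging calls at all.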

In the latest announcement, Slope stated that the server-side logging was removed as soon as the vulnerability was discovered, and that an investigation into any potential additional attack vectors is being conducted.

Relevant law enforcement agencies have been informed in order to proceed with criminal investigations against the attackers.

The hacker's identified Solana wallets are:

  • Htp9MGP8Tig923ZFY7Qf2zzbMUmYneFRAhSp7vSg4wxV
  • CEzN7mqP9xoxn2HdyW6fjEJ73t7qaX9Rp2zyS6hb3iEu
  • 5WwBYgQG6BdErM2nNNyUmQXfcUnB68b6kesxBywh1J3n
  • GeEccGJ9BEzVbVor1njkBCCiqXJbXVeDHaXDCrBDbmuy

Solana is a highly functional open source project that implements a new, permissionless and high-speed layer-1 blockchain. Created in 2017 by Anatoly Yakovenko, a former executive at Qualcomm, Solana aims to scale throughput beyond what is typically achieved by popular blockchains while keeping costs low. Solana is currently trading at $39.39 per token, down from $42.25 a day before the hack. Its market cap is $13.7B.

2. Messari acquires Dove Metrics

On Aug 2, 2022, Messari acquired Dove Metrics' assets and will integrate them into its data and research product. Dove Metrics was established in 2020 with a mission to make crypto fundraising markets less opaque. Dove Metrics has been led by Regan Bozman and PChuzeville, who will continue to focus on early-stage investing at Lattice fund.

Messari is the leading provider of crypto market intelligence products that help professionals navigate crypto with confidence. Messari has built the leading crypto data and research provider and relentlessly focused on bringing transparency to the industry.

3. Gucci becomes first major brand to accept ApeCoin payments

High-end Italian fashion giant Gucci has become the first major brand to accept payments in the form of the Bored Ape Yacht Club-affiliated ApeCoin (APE). Gucci customers in the United States will now be able to purchase items in-store with APE, while the payment infrastructure will be provided by BitPay, a firm that has helped big names such as AMC Theaters accept crypto payments in the past.

The move was announced on Monday and could provide the ApeCoin project with significant mainstream exposure along with bringing further utility to the cryptocurrency.

ApeCoin was released in March 2022 by Yuga Labs, the owner of the two famous NFT collections Bored Ape Yacht Club and CryptoPunks. At the time of writing, $APE is worth $7.65 per token, with a market cap of $2.3B.

4. Malware attack on GitHub

Hackers insert a malicious script into source code on GitHub in order to collect all the information in the .env file, including security keys, AWS access keys, crypto keys, …, and send it to the hacker's server through a URL using a POST request. Do you think this could be what caused the Solana exploit yesterday?

There are several ways the malware attack is carried out:

  • The attacker clones the original repository on GitHub, inserts the malicious script into it and republishes it under fake orgs/repos that use the same username and profile image as the original account. Users who use this code will be attacked, even if the code they use is private. The original authors can be blamed for this.
  • Some of these are disguised as legitimate-looking pull requests, but the repo has not received any PRs. Every single Go file in that repo was infected. Best mitigation strategy for identifying falsified commits: GPG sign your commits!
  • The attacker creates merge requests that include the malicious script.