Millions of dollars in damage. Why Solana gets hacked so often?

The popularity of the blockchain has made projects operating in the ecosystem attractive to attackers. How developers deal with losses

Almost daily, crypto projects are subject to hacker attacks and hacks. Leading blockchains, which are monitored by entire divisions and many active members of the cryptocurrency community, are also losing money due to suddenly discovered vulnerabilities.

One of the largest blockchains, Solana, has recently faced hacker attacks on DeFi protocols and bridges operating in its ecosystem. As a result of these hacks, multimillion-dollar funds belonging to thousands of users were stolen.

What is Solana?

Solana is an open source blockchain project on which decentralized applications (DApps) are developed. The project was founded in 2017, and the mainnet of the platform (main network) was launched in March 2020.

The goal of the developers was to create a scalable, secure and maximally decentralized platform that can support thousands of nodes simultaneously without compromising throughput.

One of Solana key distinguishing features is the Tower Consensus mechanism. It reduces the load on network computing power. This helps the Solana blockchain achieve throughput that surpasses many competitors.

When developing and using decentralized applications, the bandwidth of the blockchain is of great importance. According to Solana, its network is capable of supporting more than 50,000 transactions per second (TPS) at peak load. It is almost 10K times faster than the Bitcoin network (about 5 TPS) and more than 3K times faster than Ethereum (about 15 TPS). The Solana network currently handles 2,000 transactions per second.

Solana also uses Sealevel technology, which allows the use of a parallel smart contract execution environment, which optimizes network resources.

At the same time, the average transaction fee on this blockchain is only $0.00025. This, combined with great scalability, makes the Solana network suitable for supporting various DApps that can host thousands of users at the same time.

On the other hand, anyone can run the Solana validator, since this process does not require permissions. Currently, the network has 1.9 thousand validators, which also makes it one of the most widespread networks.

Solana, like most blockchain platforms, has its own native token. The SOL coin is in 9th place by market capitalization with a valuation of $13.6 billion.

Hacking Solana Blockchain Projects

The large number of users and significant amounts of funds stored in the protocols of the popular blockchain make the network and its applications attractive to attackers. Solana, which has been supporting smart contracts since 2017, has a mature and fast growing ecosystem. It includes various DeFi protocols that are most often hacked.

So, on July 4, an attacker hacked into the Crema Finance protocol, which runs on the Solana blockchain, and withdrew $8.7 million worth of cryptocurrency. platform and withdrew more than 69 thousand SOL and about 6.5 million USDC to the Ethereum network.

8) The hacker swapped the stolen fund into 69422.9SOL and 6,497,738 USDCet via Jupiter. The USDCet was then bridged to Ethereum network via Wormhole and swapped to 6064ETH via Uniswap after that.

— CremaFinance (@Crema_Finance) July 3, 2022

At the end of July, hackers hacked the Nirvana Finance protocol, also running in the Solana ecosystem, and withdrew about $3.5 million in USDT stablecoin. In this case, the attackers exploited a vulnerability in the Nirvana Finance smart contract.

Looks like @nirvana_fi got hacked. Someone drained the protocol via what looks like a flash loan attack for ~3mil USDT. They've sent it to ETH mainnet via wormhole, and converted it to DAI. #opsec #crypto #hack #cryptohack

This is the eth address:https://t.co/KYmTqcxYZb

— Andy D (@AndyBTC_) July 28, 2022

In both cases, this was an “instant credit attack”. This type of fraud is a quick injection and dumping of assets received from instant and unsecured lending services.

In the Crema Finance and Nirvana Finance incidents, the hackers used funds borrowed from Solend, a flash lender to the Solana network. Then the attackers from the address tied to the SOL token attacked DeFi platforms and issued additional coins. After that, the hackers returned the amount of the flash loan to the Solend pool, and the remaining funds were withdrawn to third-party wallets.

On the night of August 2-3, hackers hacked into the wallets of clients of the Solana blockchain project. This hack affected several services, and in total 7.7 thousand wallets were affected, the private keys to which became available to attackers.

An exploit allowed a malicious actor to drain funds from a number of wallets on Solana. As of 5am UTC approximately 7,767 wallets have been affected.

The exploit has affected several wallets, including Slope and Phantom. This appears to have affected both mobile and extension.

— Solana Status (@SolanaStatus) August 3, 2022

Cybersecurity company PeckShield estimated the loss to users at $8 million. Solana developers continue to look for a vulnerability that allowed hackers to gain access to wallets, more than 12 hours after the hack, its cause remains unknown.

How Developers Solve Hacking Problems?

First of all, project teams begin their own investigation, in which they are assisted by many volunteers from the crypto community, as well as companies involved in cybersecurity and monitoring of suspicious transactions.

However, the practice of offering a reward or “bounty” to a hacker for returning at least part of the stolen funds is becoming more common. At the same time, attackers are beginning to be called “white hat hackers”, along with IT specialists who are officially engaged in the search for vulnerabilities.

The developers of the Crema Finance platform offered the hacker an $800,000 reward for the return of stolen funds. After lengthy negotiations, the hacker agreed to return the stolen funds, keeping about $1.65 million for himself.

👉After a long negotiation, the hacker agreed to take 45455 SOL as the white hat bounty. Now we have confirmed the receipt of 6064 ETH + 23967.9 SOL in four transactions indicated below. A follow-up compensation plan will be released in 48h.

— CremaFinance (@Crema_Finance) July 6, 2022

DeFi platform Nirvana Finance, from which $3.5 million was stolen on July 28, also offered a $300,000 reward to the hacker for discovering a vulnerability in their protocol. The developers asked the attacker to return the stolen funds and promised to completely stop the investigation after that. There has been no response yet.

In recognition of your discovery of a vulnerability in our protocol, we are willing to offer a white hat bounty of $300,000 and a cessation of investigation. 3/5

— Nirvana Finance (@nirvana_fi) July 28, 2022

These are not the first cases when platforms show “weakness” and try to negotiate with attackers, pay them monetary compensation and not litigate.