Solana blockchain has become a target of hackers: $ 320 million in cryptocurrency has been stolen
08.02.2022

Solana blockchain has become a target of hackers: $ 320 million in cryptocurrency has been stolen

By bit.team

The decentralized financial sector has witnessed another theft of cryptocurrencies by hackers, who this time targeted the Solana network, according to Coinmarketrate.com, one of the cryptocurrencies around which many DeFi projects have been revolving for some time.

The cybercriminals reportedly targeted a protocol used to exchange cryptocurrencies, including non-interchangeable tokens (NFT), between the SOL and Ethereum blockchains. This incident once again drew attention to issues related to tools that allow connecting various blockchains, also known as cross-chain bridges, the implementation of which in the future has long been a subject of discussion.

According to the American cybersecurity company CertiK, the attackers who carried out the cyberattack on Solana took possession of Ethereum, Solana and USD Coin tokens in the amount of $ 320 million, but an investigation is currently underway, which, in the worst case, may revise the results in the direction of increasing losses from the cyberattack.

Experts believe that hackers exploited a vulnerability in the Wormhole inter-chain bridge, which allows you to transfer certain digital assets from one blockchain to another. Representatives of the company confirmed violations in the operation of the platform, and later announced that their web portal would be offline for maintenance.

Inter- chain bridges: how they work and problems

As mentioned above, the Solana hack has made many experts wonder about the need to pay more attention to the vulnerabilities of inter-chain protocols.

It should be clarified that the process by which Wormhole can ensure the transfer of tokens between two blockchains is very simple: the protocol fixes this cryptocurrency in a smart contract, and in the meantime issues a parallel token from the second smart contract on the connected blockchain. In this particular case, smart contracts were located on the SOL and ETH infrastructure.

As many experts note, an inter-chain bridge that provides communication between many blockchains is more likely to become the target of a cyberattack, since cybercriminals can lead an offensive in several directions.

“The $320 million cyberattack on Wormhole highlights the increased propensity of hackers to target blockchain protocols. This attack is a wake-up call for cybersecurity regarding blockchain,” said Ronhui Gu, a cybersecurity expert and co-founder of CertiK.

So far, the cyberattack on Solana is second only to the one that affected the DeFi Poly Network platform in August 2021: then the value of the stolen cryptocurrencies exceeded $ 600 million.

The largest theft of cryptocurrency worth $ 600 million

A hacker attack on the Poly Network platform led to the largest theft in the cryptocurrency industry to date, with a total value of more than $ 600 million.

This then became known from the Poly Network’s own management, which published a letter on its Twitter page to establish contact and urge the attackers to return the stolen assets. The decision to appeal to criminals: “Dear hackers! Please return our money” was perceived by the crypto community on the web with irony.

At the same time, online investigations have been launched in coordination with various partners who are experts in the field of digital security to find criminals. By the way, those in their recent statements were not very optimistic that they would be able to identify the hackers and return the stolen money.

A miracle happened, and the hacker turned out to be a “White Hat”. He responded to the request, and returned (fortunately) the funds, pointing out the security holes.

In 2021, $ 400 million worth of cryptocurrencies were stolen

2021 was a record year for the cryptocurrency and NFT industry. In addition to private companies, States have also begun to implement their own strategy for this new sector. For example, El Salvador became the first country in the world to recognize Bitcoin as a legal tender for everyday purchases. Speaking of South America, Mexico recently announced that the National Central Bank will launch a “digital peso” by 2024.

Losses of the cryptocurrency sector from fraud and hacker attacks. Source: Chainalysis

At the same time, the governments of a number of countries are ready to adopt laws regulating the cryptocurrency sector as soon as possible in order to limit cyberbullying. This is an increasingly common phenomenon. According to the report made by the British analytical company Elliptic, the volume of fraud on decentralized finance platforms (DeFi) using the blockchain technology will reach $10.5 billion in 2022.

Among them, the North Korean hacker group known as the Lazarus Group is particularly active. Members of the group, as recently reported in a preliminary review of Chainalysis’ Crypto Crime Report, committed at least seven attacks on cryptocurrencies in 2021, managing to steal about $400 million in digital currencies.

Source: Chainalysis

Lazarus Group already made headlines in international newspapers in 2014, when Sony’s servers were subjected to a cyberattack, as a result of which a film about the North Korean regime and its leader Kim Jong-un, The Interview, was withdrawn from sale.

After this action, the hacker group specialized in stealing cryptocurrencies, stealing an average of more than $200 million a year, from 2018 to the present.

2021 appeared to be especially productive as, as it is said in another report by Chainalysis, the growth was 40% in comparison to 2020.

Such hacker attacks cause double damage to the international community. In fact, these are not only thefts against those who invest in cryptocurrencies, but also, as the UN has already noted, the proceeds are used by Pyongyang to finance the development of its nuclear weapons program, thereby increasing global geopolitical tensions.

Ethereum – one of the coins that suffered most

ETH is among the cryptos that suffered most from North-Korean hackers. It accounts for about 58% of stolen funds, while BTC accounts for only 20% of the total. It even gave the way to ERC-20 tokens and other altcoins.

Besides, Chainalysis revealed new complicated ways for money laundering because of that exchange occurs on platforms that do not have that strict regulation.

Also, there is another way – not to cash out money got from the stolen funds. As mentioned before, hackers are ready to freeze funds for years before they get their revenue.