New analysis reveals why Solana may not be entirely responsible for the theft of wallets
The cryptocurrency industry is still coming to grips with the breach of Solana (SOL) software wallets, which resulted in at least $4.5 million in losses. Initial investigation reveals that the breach was caused by a vulnerability in specific wallets, including Slope and Phantom.
After the attack, Solana developers said that compromised private keys “made, imported, or utilised in Slope mobile wallet apps” were the underlying source of the vulnerability.
A portion of the community has attributed the breach to Solana; however, a recent investigation of the exploit appears to exonerate the network.
In a series of tweets on August 3, Point Network, a Web 3.0 project enabled by blockchain technology, revealed that just two network wallets were compromised, indicating that Solana is not to blame. The investigation goes on to dissect what occurred in the wallets, implying that insufficient decentralised two-factor authentication may be the primary cause.
Solana unable to differentiate between actual and bogus users
According to the investigation, a third party appears to have gained access to the private keys. In that situation, Solana has no way of distinguishing between legitimate and false owners.
Point Network said, “Essentially, the basis of the issue is that the Solana network lacks the ability to discriminate between a legitimate and a false owner, so that only the true owner may access the refund.”
In addition, Point Network said that the vulnerability might potentially be exploited through multi-signature wallets and hardware wallets, although this is very improbable. Interestingly, Solana also verified on August 3 that there is no proof that the network’s hardware wallets were compromised.
However, Point Network has ruled out a hack of the vault wallet, citing the timelock mechanism, which establishes a defined window for processing transactions. Because of the live functionality of the wallets, the attacker may abandon their attempt to steal the funds, since the valid owner can cancel the transaction and return the funds to the vault.
If the transactions are uncontested, they will be verified without the need for keys, according to the researchers.
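A minimal model of the timelock vault behaviour described above, as an added example that is not Point Network's or Solana's code. The class and method names, the separate cancel credential and the one-hour window are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class TimelockVault:
    balance: int
    delay: int         # contest window in seconds (assumed value and unit)
    hot_key: str       # stand-in for the credential that requests withdrawals
    cancel_key: str    # assumption: a separate credential kept by the owner
    pending: dict = field(default_factory=dict)
    next_id: int = 0

    def request(self, key, dest, amount, now):
        if key != self.hot_key:
            raise PermissionError("not authorised to request")
        if not 0 < amount <= self.balance:
            raise ValueError("invalid amount")
        self.balance -= amount                 # reserved, not yet paid out
        wid, self.next_id = self.next_id, self.next_id + 1
        self.pending[wid] = (dest, amount, now + self.delay)
        return wid

    def cancel(self, key, wid, now):
        if key != self.cancel_key:
            raise PermissionError("not authorised to cancel")
        dest, amount, unlock = self.pending[wid]
        if now >= unlock:
            raise RuntimeError("contest window has closed")
        del self.pending[wid]
        self.balance += amount                 # funds return to the vault

    def finalize(self, wid, now):
        # No key is checked here: an uncontested request completes on its own.
        dest, amount, unlock = self.pending[wid]
        if now < unlock:
            raise RuntimeError("still inside the contest window")
        del self.pending[wid]
        return dest, amount

def simulate():
    """Constructed scenario: the hot key is stolen, the cancel key is not."""
    v = TimelockVault(balance=100, delay=3600, hot_key="hot", cancel_key="cold")
    theft = v.request("hot", "attacker", 100, now=0)
    try:
        v.finalize(theft, now=10)
        early = "paid"
    except RuntimeError:
        early = "blocked"
    v.cancel("cold", theft, now=600)           # owner contests inside the window
    after_cancel = v.balance
    ok = v.request("hot", "exchange", 40, now=1000)
    return early, after_cancel, v.finalize(ok, now=4600), v.balance
```

The protection holds only while the cancel credential stays out of the attacker's hands and the owner watches pending requests during the window.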