The hack of the Solana (SOL) software wallets, which cost at least $4.5 million, is still being processed by the cryptocurrency community.
According to the preliminary investigation, certain wallets, including Slope and Phantom, have exploits that are to blame for the breach.
Following the breach, developers of Solana stated that they have discovered the compromised private keys “made, imported, or utilized in Slope mobile wallet applications” as the primary cause of the exploit.
Despite some of the community blaming Solana for the hack, a recent analysis of the exploit seems to clear the network of any wrongdoing.
On August 3, Web 3.0 powered by blockchain technology company Point Network reported in a series of tweets that the first indication that Solana is not to blame is that only two network wallets were impacted. The investigation went on to analyze what occurred on the wallets, hinting that a lackluster decentralized two-factor authentication system might be to blame.
The study indicates that a third party may have accessed the private keys, and in this instance, Solana is unable to distinguish between legitimate and fraudulent owners.
“Essentially, the root of the problem is that the Solana network has no way to distinguish between a real and a fake owner, to only allow the real owner to access the refund,” Point Network said.
The issue might potentially be used to compromise hardware wallets and multisignature systems, according to Point Network, but doing so is extremely unlikely. It’s interesting to note that Solana also stated on August 3 that there is no proof that the network’s hardware wallets were impacted.
The time lock feature, which establishes a deadline for verifying the transactions, prevented PointNetwork from exploiting the vault wallet. The wallets’ live functionality allows the genuine owner to cancel transactions and return money back to the vault, so the attacker can give up trying to steal the money.
According to the researchers, if a transaction is uncontested, it can be certified without the use of keys. The analysis’s final finding was that any network, not just Solana, might be the target of such an attack.
“This would work not just in a global situation where thousands of wallets are somehow affected, but in a normal setting too if your private key accidentally leaks or your device gets compromised. And this can work for *all* networks, not just Solana,” Point Network added.
It’s noteworthy that the claim supports Phantom’s position, which is that it “does not believe this is a Phantom-specific issue.” Although the hack’s specifics are still mostly unknown, Solana stated that it affected 7,767 wallets, including both browser extensions and mobile wallets.