Ditch hot wallets, experts tell crypto holders after Solana hack


Crypto experts have reacted with dismay to the recent hack of Solana that robbed users of some $8 million, with many calling for investors to swap convenience for security and trade the more easily hackable hot wallets for cold ones kept offline.

Others have gone further still, pointing to the inherent vulnerability that cloud-based technologies and bridges between crypto platforms pose, with end users being the ultimate victims. Calls are growing for increased state regulation of the beleaguered industry, which has suffered breaches costing it well over $1 billion this year alone.

“I’ve been saying it for years, but it just isn’t wise for investors to leave their assets in a hot wallet,” said Modulus CEO Richard Gardner. “Yes, cold wallets aren’t nearly as convenient for making transfers, but they don’t represent an easy target for hackers either. Use your cold wallet. Take charge of your custody. Right now, custodians and exchanges aren’t doing enough to keep your assets safe.”

He added: “It amazes me that, no matter how many hacks occur, investors still prefer a hot wallet for convenience’s sake. Solana is one of the largest blockchains by value. Whether they or their third-party vendor were attacked is neither here nor there. If Solana can be breached, there’s no safe space. Until the government offers the industry a set of guidelines to keep this from happening, it will continue to happen.”

Dominic Williams, chief scientist at DFINITY, pointed to inherent vulnerabilities in cloud-based technologies that presented easy targets for unscrupulous hackers.

“The latest Solana security issue once again proves how if you introduce ‘trusted intermediaries’, they will get hacked,” he said. Rather than live up to that trust, bridge technology has been plundered by cybercriminals in the past six months.

“Metamask-style wallets are hosted on a cloud, like the Google Chrome Store,” said Williams. “They are updated by trusted intermediaries, rather than algorithms, and interact with the cloud. What all of this means is that bridges can be hacked very easily.”

He added: “This is a consequence of people using centralized technology in blockchain and pretending it is real crypto. Continued hacks of this nature should inspire people to focus on internet identity, chain key cryptography, and generating alternative offerings to bridges.”

Crypto bloodied but not beaten

But despite such horrendous losses, other industry experts are predicting that crypto will weather the storm, albeit amid much infighting between competitors.

Max Kordek, CEO of blockchain access provider Lisk, said that with the cryptocurrency market currently enjoying a “locked valuation” of roughly $14 billion, the loss suffered by Solana constitutes “a drop in the ocean.”

“The problem here lies rather in the large number of likely real-world users of Solana affected,” he said. “This hack is a consecutive security problem with their platform that will cause confidence in the platform to decrease. It showcases that the Solana user experience is not where it needs to be, as users still have to use multiple wallets or browser extensions to interact with blockchain applications.”

He added: “There is still a long way to go until this experience is seamless. Unfortunately, this news will be overblown and used to spur further market fear, especially amongst Bitcoin maximalists who will use it to attack other Layer One [cryptocurrency providers].”

Rowland Graus of Agoric agreed that the DeFi industry as a whole would prove resilient, while pointing out that the Solana hack remains something of a mystery that bears further scrutiny.

“It’s important not to jump to too many conclusions since the root cause of the hack is still unknown,” he said. “However, the unknown cause itself has caused this hack to generate a lot of fear. It will certainly serve as a wake-up call for users to better secure their assets, for example using hardware wallets. Despite this, I don’t expect much impact on the wider market. We’ve shrugged off far larger exploits without a hitch.”

Urgent regulation required

Gardner had some praise for the introduction of the Regulation of Markets in Cryptoassets (MiCA) by the EU this year, which had in turn encouraged the US and UK to revisit their own guidance regimes, but stressed that this was not enough to deal with the urgent set of crises facing DeFi.

“The EU put together MiCA, and that’s really pushed the UK and the United States to move faster than they anticipated on digital asset regulatory reform,” he said. “But even MiCA has an extended runway. The industry really needs guidance immediately.”

He added: “Every day that passes allows exchanges, custodians, and other operators to move forward without safeguarding their customers completely. What we need is something with teeth that instructs the industry to implement best practices throughout their organization.”

Gardner called for sounder tech to safeguard investor assets, a crackdown on the types of human error that facilitate most hacks, and for exchanges to be redesigned to better resist threat actors.

“So many exchanges were built to get to market quickly, and they did that. But they never spent the required time to actually ensure that their exchange was technologically sound,” he said.