back to article Solana, Phantom blame Slope after millions in crypto-coins stolen from 8,000 wallets

Millions of dollars worth of Solana cryptocurrency and other tokens were stolen from seemingly thousands of netizens this week by thieves exploiting some kind of security weakness or blunder. From what we can tell, and details are still light, somewhere between $4.5 million and $8 million in coins – including stablecoins USDC …

  1. Pascal Monett Silver badge
    Facepalm

    "There is no evidence the Solana protocol or its cryptography was compromised"

    Okay, first of all, you probably don't have the required expertise to be 100% sure.

    Second, you don't have enough experience managing financial transfers to secure the platform properly.

    Once again we witness a bunch of people who think they can just go and create a banking environment without the required experience or the required rules.

    And once again, it falls flat on its face.

    How long is it going to take for your kind to realise that a banking charter exists for a good reason ?

    1. Snowy Silver badge
      Holmes

      Re: "There is no evidence the Solana protocol or its cryptography was compromised"

      or the required security?

  2. Winkypop Silver badge
    WTF?

    Surely

    Crypto is about done

    1. Doctor Syntax Silver badge

      Re: Surely

      Barnum says otherwise.

      1. a pressbutton

        Re: Surely

        This is true

        Some tulip bulbs sell for over £13 each.

        They do look lovely

        Hope Solana holders feel the same when looking at their holdings.

        Lunchtime. Nice sunny day, going out for a solero. 60p

  3. Anonymous Coward
    Anonymous Coward

    Again

    (In Nelson voice) "Ha-ha!"

    Seriously, with multiple articles like these coming out each month, why haven't people figured out the risks of the crypto-coin environment are just slightly more than standing in the ocean and biting down on a live wire?

    (Possible answer: greed > wisdom)

    1. Doctor Syntax Silver badge

      Re: Again

      There's an endless supply of people who think it can onley happen to someone else because they themselves are much too smart.

      1. General Purpose Silver badge

        Re: Again

        Indeed, everyone who didn't get hacked this time now has proof that they themselves are much too smart.

    2. I ain't Spartacus Gold badge

      Re: Again

      Seriously, with multiple articles like these coming out each month

      Maybe it's because all those articles are full of random word-soup so nobody takes them in? Given there seem to be an infinite number of different crapto currencies and an even more infinite number of service companies that attach to them providing variously insecure services probably written in bad Javascript by gibbons.

      The article may as well say that people using the Ninky Nonk wallet software for the Igglepiggle cryptocoin have lost access to their wallets due to an arbitrage attack on the Pontypines exchange involving the stablecoin PeppaPig. Huh?

      Also, while banging on about terminology, I think El Reg should stop using the word "stablecoin". Or at least, if you're going to, put it in the inverted commas - or just the table bit. Facebook's might actually have been a stablecoin, because they were claiming they were going to keep enough real assets to match the number of coins they were issuing, and they would have been regulated by outside authorities. All other "stablecoins" are just pretence and/or wishful thinking.

      Unless they're crapto coins that can be used to pay for horses or caring for horses, in which case I'm fine with it.

      1. Anonymous Coward
        Anonymous Coward

        Re: Again

        Yeah I was thinking, suppose I were to deal with “cryptocurrency” (which I won't). I might buy bitcoin because, well, I've heard of it. But why would I go for froppetycoin or any of the other thousands / millions of "coins" out there, and what would I do with them?

        Also, being a technical person and not knowing anyone who is into this stuff does make one wonder.

        1. Anonymous Coward
          Anonymous Coward

          Re: Again

          >what would I do with them

          you would use, for example, BNB to get a discount on transactions with the Binance exchange.

      2. Muppet Boss
        Pint

        Re: Again

        >Also, while banging on about terminology, I think El Reg should stop using the word "stablecoin". ... Unless they're crapto coins that can be used to pay for horses or caring for horses, in which case I'm fine with it.

        Stablecoins = Coins minted in a stable using a horsemint process. Beer, anyone?

    3. Jimmy2Cows Silver badge

      Re: why haven't people figured out the risks of the crypto-coin environment

      Somehow I think the target audience of these articles does not intersect the set of gullible morons willing to swap their real cash for imaginary binary bollocks on a blockchain.

      1. Anonymous Coward
        Anonymous Coward

        Re: why haven't people figured out the risks of the crypto-coin environment

        >imaginary

        So, this doen't exist, or what?

        https://www.blockchain.com/btc/blocks?page=1

  4. Anonymous Coward
    Anonymous Coward

    Twitter...

    https://twitter.com/MoonRankNFT/status/1554911833617641472

  5. Flak

    Crypto theft is endemic

    This is just one of an increasing number of thefts and losses.

    https://decrypt.co/100181/almost-all-1-7b-crypto-stolen-in-2022-has-come-from-defi-chainalysis

    https://www.cnbc.com/2022/01/06/crypto-scammers-took-a-record-14-billion-in-2021-chainalysis.html

    Might as well keep those crypto coins in an open bucket on a city centre street - probably safer...

    1. Anonymous Coward
      Anonymous Coward

      Re: Crypto theft is endemic

      https://web3isgoinggreat.com/ is a great morning coffee read. Really sets you up for the day with a feeling of smug superiority :D

  6. lglethal Silver badge
    Facepalm

    So the miscreants made off with more crypto. Surprise, surprise...

    What I find even more amazing is that there are still real people out there, who are willing to spend real money to buy these shitty tokens off the scammers (and I'm not limiting myself to talking about the thieves with that statement).

    Every day, we read about Crypto being stolen or looted from one service or another, and yet people still buy into this stuff. It boggles belief....

    1. Doctor Syntax Silver badge

      Maybe by now there are only thieves left & they're all busy stealing from each other.

  7. iron Silver badge

    > "We have some hypotheses as to the nature of the breach, but nothing is yet firm,"

    Adding "we last saw Dave from IT about 5 minutes before all these "coins" were stolen but as soon as he turns up we'll ask him what happened."

  8. FrogsAndChips

    Never keep your wallet online

    After so many of these robberies, people still keep their crypto on online wallets?

    As anyone knows, the only way to make sure no one can access your coins is to keep them on your hard drive, protected by 3 layers of encryption, and buried deep in a landfill in Newport

    1. Anonymous Coward
      Anonymous Coward

      Re: Never keep your wallet online

      This was apparently a wallet app, but the devs being utter dickfaces decided to log the wallet seed using a cloudy third-party logging service, because of course they did, and someone stole the logs then used it to steal their magic beans.

      Makes the software engineers at Boeing with their 'yeah just use a single sensor reading what could possibly go wrong?' look like certified geniuses.

  9. Snowy Silver badge

    Sure

    If "There is no evidence the Solana protocol or its cryptography was compromised" does that make it an inside job, or the protocol is just so poor?

    1. Anonymous Coward
      Anonymous Coward

      Re: Sure

      > does that make it an inside job, or the protocol is just so poor?

      Yes.

  10. ghp

    These people were trusting their mobiles to handle their finances??

    1. Howard Sway Silver badge

      Strictly speaking, no. They were trusting a bunch of unregulated amateurs they didn't know to handle their finances. And now they have no finances left to handle.

  11. renniks

    I would love to see every crypto wallet deleted/emptied/zeroed in the morning

  12. Missing Semicolon Silver badge

    There is a name for this....

    ... it's the "Rugpull".

    What is amazing is that the rug can be pulled more than once.

    1. renniks

      Re: There is a name for this....

      no fixing stupid...

    2. Anonymous Coward
      Anonymous Coward

      Re: There is a name for this....

      A Rugpull is when the developers themselves steal the imaginary currency and dissapear/blame it on a hack. You can tell them because the project immediately closes down and the dev team go silent. In this case it seems like a genuine hack rather than a rugpull.

      1. Michael Wojcik Silver badge

        Re: There is a name for this....

        Yes, and at first glance it looks like it was an attack against a wallet implementation, not against the cryptocurrency itself. Not that it matters much, particularly to the people who lost (notional) money. (How much of that could be converted into hard currency or goods & services is always a question.)

  13. Anonymous Coward
    Facepalm

    The good thing about de-fi

    Is that there is always someone else to blame.

  14. stewwy

    One all the crypto has been stolen

    are they going to steal each other's crypto in a never increasing circle until they produce some sort of financial black hole?

    It seems as if the crypto market acts like ISK the EVEOnline in-game currency.

  15. Anonymous Coward
    Anonymous Coward

    Easy come

    Easy go

    Better luck, please try again.

  16. Michael Wojcik Silver badge

    Bad week for Solana

    ... since it's just been revealed that most of the Solana ecosystem was a house of cards created by one developer through a network of sockpuppets.

    https://web3isgoinggreat.com/web1#ian-macalinao-pseudonyms

    And yet the continual parade of fraud, theft, and failure among cryptocurrencies and DeFi seems to have no effect on the cryptocurrency fans – most of whom appear to know essentially nothing about the underlying technology.1 Sigh.

    1And, honestly, a lot of the CS and economics research around cryptocurrencies, "smart contracts", DeFi, etc is really quite interesting. Just search Colyer's old Morning Paper archives and skim a few; you'll see what I mean. It's just unfit for use in practice.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like