Welcome back to Chain Reaction.
Last week, we looked at the near-term future for crypto gaming as VCs zero in on where to place consumer bets. This week, we’re looking at hardware wallets and the endless journey towards feeling safe in the crypto world.
To get this in your inbox every Thursday, you can subscribe on TechCrunch’s newsletter page. nowhere to hide
A weekly dispatch from the desk of TechCrunch crypto editor Lucas Matney :
The world of crypto can be a cruel and unforgiving place, and while VCs and crypto hedge funds have been happy to bail out institutions, sometimes consumers dabbling in the space find themselves left out in the cold. This week, a couple of pretty high profile hacks cost crypto investors millions, but it was the smaller, more mysterious one that likely left newbie buyers clutching their private keys and praying for the best.
Putting money anywhere is an exercise of trust, which sometimes makes it funny that the the word “trustless” has been a leading phrase in crypto religious creeds that investors use to gain converts. All a user must do is hold their private key near and dear and they can trust that their money will always be there without having to place any trust in a traditional financial institution. But consumers are discovering some of the long-known fine print to that promise.
This week, thousands of Solana users logged into their crypto wallet apps to discover that all of their funds had disappeared. Many of these users claimed they hadn’t used the wallets in weeks or months, ruling out some sort of mass signature of a malicious contract. While this ended up being a lowly seven-figure hack, the mystery was notable. Early-on, users weren’t sure whether this was an attack on the underlying Solana network or an underlying service provider that multiple wallets relied on. Amid all the confusion, wallets continued to be drained eventually emptying the contents of upwards of 8,000 individual accounts.
Investors in the Solana ecosystem (the network’s founder dropped some choice Twitter retweets ) complained that the media was focusing more heavily on the single-digit millions exploit when the Nomad bridge had been hacked for $190 million just a day prior. But it was the nature of the attack that was scarier than the dollar amount. Apparently a crypto wallet provider was inadvertently logging seed phrases to their event logging server, which lead to someone being able to hack and drain over 8,000 wallets https://t.co/Mah695gQY5
— Marcus Hutchins (@MalwareTechBlog) August 3, 2022 While users across wallets reported the problem, the issue came down to a vulnerability in the Slope wallet which had– unbeknownst to users — been logging their private keys in the backend, leaving them vulnerable to bad actors if they had ever imported keys to the mobile app. This saga probably served as another severing point of trust in the system for new users who might have thought their funds were safer in a wallet than a centralized exchange’s coffers. But long-time crypto users shrugged and signified that this was yet another reason for users to hold their funds in so-called hardware wallets — physical devices which store a user’s private keys and dramatically cut down on the number of attack vectors for hackers outside of human error.
Now, pushing every new user to buy a ~$100 hardware wallet in order to truly secure their assets clearly isn’t the ticket to widespread near-term adoption and yet it seems to be a rule that those deepest in the space still cling to. While plenty of crypto’s richest are holding to strategies that promote security above most anything else, it also seems that plenty of them are investing and promoting projects which emphasize speed and seamless onboarding at the expense of security. Users finding their way onto the rails of flashy consumer apps may find themselves realizing that crypto’s early onboarding hurdles have been steep for a reason and that wealthy users buying air-gapped computers and keeping their keys on piece of papers have plenty of history framing their paranoia. the latest pod
Chain Reaction is back again this week and better than ever! We announced two big changes to the pod this week. First and foremost, we have a new co-host, Jacquie Melinek , joining us weekly to talk about the biggest headlines in web3. Jacquie is a great friend of ours and as a reporter for TechCrunch+ , she’s eager to get in the weeds to us help demystify all things […]
source There’s always another nightmarish crypto hack around the corner