Recently, the crypto market has been hit by a series of hacking incidents. The hacks targeted the Bridge Protocol and wallets based on the Solana network. At the same time, cryptocurrencies are also being used as a major vehicle for fraud. For crypto, with great power comes great responsibility. Therefore, investors should always beware of hacks.
Cross-chain protocol Nomad hacked within days of attracting investment
On August 1, the cross-chain messaging protocol Nomad was hacked. Cross-chains serve the purpose of enabling users to move cryptocurrencies between various blockchains. As Defiant and other news outlets reported, the hackers stole $35 million worth of Wrapped Bitcoin (WBTC), Ethereum (WETH) and various stablecoins from the Nomad protocol. A press release by Nomad on the 2 nd claimed that it had suffered $190 million in losses from the hack. Nomad is said to have recovered about $22 million of these funds. The project is currently offering a 10% bounty to return the remainder.
This hack occurred due to a vulnerability in the smart contract system. Nomad’s smart contracts contained code that allowed spoofing user trades to fraudulently claim collateral on the bridge. This weakness was known to and utilized by the attackers. The hack occurred just days after Nomad announced its attraction of $22.4 million in investment at the end of last month.
This is not the first incidence of bridge hacking. In June, the Harmony Horizon Bridge was hacked, with $100 million in funds stolen. In April, Axie Infinity's Ronin Bridge was hit by the largest-ever decentralized finance (DeFi) hack, during which over $600 million in funds were lost.
Then, the Solana-based Wormhole Bridge hack saw over $300 million in stolen funds. In a June report, Blockchain analysis firm Elliptic estimated that the damage to cross-chain virtual assets (cryptocurrencies) from hacking has exceeded $1 billion this year alone.
Solana-based hot wallets hacked within hours of Nomad hack
Within hours of the Nomad incident, hot wallets based on the Solana blockchain were also attacked and their content stolen.
Based on the investigation results announced by Solana itself on August 4, as well as by blockchain security firm OtterSec, crypto analyst WatcherGuru and others, about 8,000 Solana wallets were attacked, with about $8 million in Solana (SOL) and Solana network (SPL)-based Circle Stablecoin (USDC) stolen.
Affected wallets include Slope, Phantom, Solflare, Trust Wallet and other Solana-based hot wallets. Solana revealed that the attack started with the Solana wallet Slope. The explanation offered is that for some reason, the attacker obtained permission to sign transactions on behalf of users and that this enabled them to also steal funds from other wallets connected to Slope. Some also theorize that Slope stored users’ private keys on a central server and that the attacker targeted these.
Crypto is now the most common vehicle for fraud in the US
Crypto investor losses come not only from hacking. Recently, various frauds, false advertising and other issues are also increasing. Data collected by the US Federal Trade Commission (FTC) on August 3 shows that losses from fraud committed using cryptocurrency in the US during the first half of 2022 amounted to $728.8 million, overtaking losses from bank wires, which stood at $731 million. Losses linked to cryptocurrencies usually start with social media. The FTC report detailed that about 50% of funds reported as lost through cryptocurrency fraud since 2021 started with an ad or direct message on a social media platform.
The types of fraud vary, including exaggerated or false advertisement, soliciting investments through impersonation and phishing. Typical methods of fraud spread through social media include proposing a crypto issuance plan to users, or posing as a dating partner, a famous business personality, a government official, or recruiter to recommend an investment and then demand a transfer. Another method is sending phishing links.
Until 2020, bank transfer was the most common method for perpetrating fraud by total damage amount, but this year it was overtaken by cryptocurrencies. With the rise in crypto prices through 2020, the number of market trading participants increased and the incidence of fraud using crypto rose accordingly.
With crypto, the user takes full responsibility
Two hacking incidents rocked the crypto market in one day. And crypto is the most frequently used means of committing fraud. This should be a wake-up call to users to double-check whether their crypto assets are secure. Users should never click links they are not sure of and always check if there might be fraud before transferring crypto to someone.
Crypto wallets can be broadly divided into hot wallets connected to the internet and cold wallets that are kept offline. Wallets supported by crypto exchanges or other crypto services are the main type of hot wallets. A typical cold wallet is a hardware wallet that requires a physical storage device (USB flash drive) to be connected each time a trade is signed.
The weak point of hot wallets is their connection to the internet, which makes them the main target for hacking attacks. For this reason, users are strongly recommended to use hot wallets only for transactions, while otherwise storing their assets in cold wallets. However, the reality is that most users keep their assets in exchange wallets. This is why users should check where their assets are stored.