{"id":459,"date":"2023-02-01T15:10:20","date_gmt":"2023-02-01T13:10:20","guid":{"rendered":"https:\/\/ackeeblockchain.com\/blog\/?p=459"},"modified":"2024-05-16T13:35:51","modified_gmt":"2024-05-16T11:35:51","slug":"2022-solana-hacks-explained","status":"publish","type":"post","link":"https:\/\/ackee.xyz\/blog\/2022-solana-hacks-explained\/","title":{"rendered":"2022 Solana Hacks Explained"},"content":{"rendered":"

Cryptocurrency ecosystems have traditionally been attractive to hackers and scammers, and 2022 proved it again. Over $4B was estimated to be lost for good in the crypto space during the last year, of which over $500M was stolen on Solana.\u00a0<\/span><\/em><\/p>\n

Let’s have a deep dive into these hacks and manipulations to see why and how they happened, are there any patterns and how the projects could have protected themselves.\u00a0<\/span><\/em><\/p>\n

Wormhole<\/b><\/h3>\n

About\u00a0<\/b><\/h4>\n

Wormhole<\/a> is a message-passing protocol<\/strong> enabling the transfer<\/strong> of tokenized assets between<\/strong> supported chains<\/strong>, for instance, one can send ETH from Ethereum and receive a wrapped wormhole ETH (wETH) on Solana.\u00a0<\/span><\/h4>\n

It becomes possible because each supported chain has a wormhole contract<\/strong> that emits<\/strong> or processes<\/strong> wormhole messages<\/strong> with the help of the so-called ‘Guardians<\/strong>‘, a distributed set of nodes that monitor<\/strong> the state of transactions and after consensus<\/strong> sign the messages.\u00a0<\/span><\/p>\n

What happened\u00a0<\/b><\/h4>\n

In February 2022, an attacker stole<\/strong> assets worth roughly $338M<\/strong> (at the time of the exploit) by circumventing<\/strong> the signing process<\/strong> and minting 120k wrapped ETH tokens on Solana without locking an equivalent on Ethereum. Wormhole team sent a message<\/a> to the hacker offering a white hat agreement<\/strong> but there was no response<\/strong>. The hacker used 93,750 of the minted wrapped ETH to redeem<\/strong> back equivalent ETH tokens on Ethereum, thus draining<\/strong> the money from Ethereum liquidity pool. The rest of the tokens were sold<\/strong> for SOL<\/strong> and USDC<\/strong>, as seen in the hacker’s wallet<\/a>. Wormhole’s investor<\/strong>, Jump Crypto replenished<\/strong> all 120k ETH, virtually bailing<\/strong> Wormhole<\/strong> out<\/strong>.<\/span><\/p>\n

How it happened<\/b><\/h4>\n

The bug’s root cause<\/strong> was a deprecated<\/strong> function <\/strong><\/a><\/span><\/p>\n

load_instruction_at <\/span><\/pre>\n
being used during the Wormhole signature<\/strong> verification<\/strong>. The way to build custom instructions that ‘do’ signature verification<\/strong> is by sending<\/strong> a transaction made of (at least) two instructions<\/strong> and checking<\/strong> that the native program instruction was sent.\u00a0<\/span><\/p>\n
Unfortunately, Wormhole’s implementation of the signature verification did not use<\/strong> the suggested <\/span><\/p>\n
load_instruction_at_checked function <\/span><\/pre>\n
and instead used\u00a0<\/span>a deprecated version <\/strong><\/a><\/span><\/p>\n
load_instruction_at<\/span><\/pre>\n
This function does not check<\/strong> that the origin<\/strong> of data to deserialize is actually from the sysvar account and not a fake account.\u00a0<\/span><\/p>\n
Read <\/span>this<\/b><\/a> for more technical details.\u00a0<\/span><\/p>\n
In simple words<\/b><\/h4>\n
The Wormhole hack was quite sophisticated on one side, but after all, the root cause<\/strong> was a missing ownership check<\/strong> on one account, which allowed the hacker to fake the transaction signature<\/strong> and mint tokens<\/strong> on one chain without providing collateral on the other.\u00a0<\/span><\/p>\n
Cashio<\/b><\/h3>\n
About<\/b>\u00a0<\/span><\/h3>\n
Cashio<\/a> was a decentralised stablecoin<\/strong> fully backed by interest-bearing Saber USD liquidity provider tokens.<\/span><\/p>\n
What happened\u00a0<\/b><\/h4>\n
Like with the Wormhole<\/a> hack, the attacker used fake accounts<\/strong> to mint<\/strong> Cashio’s CASH tokens and stole<\/strong> over $52M<\/strong>. It is worth mentioning that Cashio was never audited by a third party.<\/strong><\/span><\/p>\n
How it happened<\/b><\/h4>\n
Due to a collateral token validation flaw<\/strong>, the attacker minted 2 billion CASH tokens using a faked<\/strong> worthless token<\/strong> as collateral<\/strong>. He then burnt<\/strong> part of the tokens for the Saber USDT-USDC LP tokens that he swapped<\/strong> for $16.4 USDC and $10.8 USDT, respectively. The remaining CASH tokens were swapped<\/strong> out for $8.6M UST<\/strong> and $17M USDC<\/strong> through Saber. What’s curious is that the hacker embedded a hidden message<\/a> in the transaction that, after viewing the input data as UTF-8 says:<\/span><\/p>\n
 “Accounts with less than 100k have been returned. All other money will be donated to charity”.<\/span><\/em><\/p>\n
Read <\/span>this<\/b><\/a> for more technical details.\u00a0<\/span><\/p>\n
In simple words<\/b><\/h4>\n
The exploiter had to perform multiple steps and supply the worthless tokens<\/strong> he created earlier as collateral<\/strong> to mint 2 billion CASH tokens.<\/strong> The reason why he managed to do this boils down to the flawed verification of input accounts.<\/strong><\/span><\/p>\n
Crema Finance<\/b><\/h3>\n
About<\/b><\/h4>\n
Crema Finance<\/a> is a liquidity pool<\/strong> based on CLMM<\/strong> (Concentrated Liquidity Market Maker) that allows liquidity providers to set specific price ranges<\/strong>, add single-sided liquidity<\/strong> and do range order trading<\/strong>. The project is closed source<\/strong>, so the available information about the hack is rather limited. The only publicly available security audit<\/a> took place in October after<\/strong> the incident.<\/span><\/p>\n
What happened\u00a0<\/b><\/h4>\n
On July 2, 2022, the pool was subject to an exploit<\/strong>, draining over $8M<\/strong> worth of assets.\u00a0<\/span><\/p>\n
How it happened<\/b><\/h4>\n
According to Crema Finance tweet<\/a>, the CLLM depends on a tick account<\/strong> that holds information about price tick data. The hacker used a combination of flash loan<\/strong> and exploitation of owner verification. <\/strong><\/span>After the incident, Crema Finance suspended<\/strong> the protocol and offered<\/strong> the hacker an $800k white hat bounty<\/strong> via on-chain message<\/a> to the hacker’s Ethereum address. After negotiations, the hacker agreed<\/strong> to take the 45455 SOL<\/strong> bounty (approximately $1.5M<\/strong> at that time) and returned<\/strong> the rest to the protocol.<\/span><\/p>\n
Read <\/span>this<\/b><\/a> for more technical details.\u00a0<\/span><\/p>\n
In simple words,<\/b> everything points again to the common problem that the input accounts were not properly checked<\/strong>, however as the protocol is closed source, some details may be missing.<\/span><\/p>\n
Nirvana Finance<\/b><\/h3>\n
About<\/b>\u00a0<\/span><\/h4>\n
Nirvana Finance<\/a> is a Solana-based DeFi protocol<\/strong> with an algorithmic stablecoin<\/strong>.\u00a0<\/span><\/p>\n
What happened\u00a0<\/b><\/p>\n
On July 28, 2022, it ran into liquidity issues<\/strong> due to a flash loan attack<\/strong> where an attacker drained<\/strong> approximately $3.5M<\/strong> from the liquidity pool. The protocol is closed source<\/strong> and underwent only an automated audit<\/strong> <\/a>before the exploit. A manual human audit<\/strong> is still being scheduled<\/strong> as of the time of writing (January 2023).<\/span><\/p>\n
How it happened<\/b><\/p>\n
Based on the technical post-mortem<\/a> analysis from the Nirvana Finance team, the attacker was able to manipulate the inputs<\/strong> to the program and buy<\/strong> the ANA<\/strong> token at an artificially low price<\/strong>. <\/span><\/p>\n
Read <\/span>this<\/b><\/a> for more technical details.\u00a0<\/span><\/p>\n
In simple words,<\/b> it was a combination of a market manipulation with some hacking: first he artificially lowered the price to buy himself ANAs and by doing so, the exploiter pushed the price upwards and made a profit from the spread.<\/span><\/p>\n
Slope Wallet<\/b><\/h3>\n
About<\/b><\/h4>\n
Slope Finance<\/a> is a community-driven full-stack platform<\/strong> that consists of the sectors of DEX, Wallet,<\/strong> and NFTs<\/strong> built on Solana.\u00a0<\/span><\/p>\n
What happened\u00a0<\/b><\/h4>\n
On August 2, 2022 an attacker drained<\/strong> 9229 wallets of approximately $4.1M<\/strong> worth of assets.<\/span><\/p>\n
How it happened\u00a0<\/b><\/h4>\n
No one really knows, despite the fact that the team published an extensive incident report<\/a>. On-chain data showed that the malicious transactions<\/strong> were signed correctly<\/strong> and, therefore, the private wallet keys<\/strong> had been leaked<\/strong> or compromised<\/strong>.\u00a0<\/span><\/p>\n
It had been confirmed that the mobile version<\/strong> of Slope Wallet application was collecting<\/strong> sensitive information<\/strong> (i.e. private keys) and transmitting<\/strong> it (using HTTPS TLS encryption) to a third-party<\/strong> monitoring service Sentry, where it was stored un-encrypted<\/strong> in an access-secured central database. <\/span><\/p>\n
Yet, the investigations showed that only 5,367<\/strong> wallet private keys were stored in the database<\/strong>, and only 1,444<\/strong> of them were<\/strong> actually drained<\/strong> by the attacker, there were no proofs<\/strong> that the other affected wallets\u2019 information had ever been stored with Sentry.\u00a0<\/span><\/p>\n
Solana Foundation claimed that no core code<\/strong> or anything related to Solana protocol<\/strong> itself was involved in the attack; it was isolated to the Slope Wallet provider.<\/span><\/p>\n
Read <\/span>this<\/b><\/a> for more details.\u00a0<\/span><\/p>\n
In simple words,<\/b> we don\u2019t know what exactly happened. Even though there is no evidence<\/strong> that the private keys<\/strong> of Slope\u2019s users were compromised<\/strong>, it is definitely a big security risk<\/strong> to store<\/strong> sensitive information unencrypted<\/strong>. <\/span><\/p>\n
Mango Markets<\/b><\/h3>\n
About\u00a0<\/b><\/h4>\n
Mango Markets<\/a> is a platform<\/strong> for cross-collateralized leverage trading.\u00a0<\/strong><\/span><\/p>\n
What happened\u00a0<\/b><\/h4>\n
On October 12, 2022, an attacker drained<\/strong> over $116M<\/strong> worth of assets by manipulating<\/strong> the oracle price<\/strong> data.<\/span><\/p>\n
How it happened\u00a0<\/b><\/p>\n
The attacker used over $5M USDC<\/strong> to fund an account, took a short MANGO-PERP position,<\/a> and offered 488M MANGO-PERP to sell at $0.0382. Next, he funded another account with additional $5M USDC<\/strong>, took a long MANGO-PERP position<\/a>, and bought 488M<\/strong> MANGO-PERP. Due to low liquidity<\/strong> on the exchange between MANGO and USDC, the attacker was able to pump<\/strong> the price of MANGO on various exchanges 5-10x<\/strong> in a matter of minutes. The updated prices<\/strong> by Oracles<\/strong> were pumped<\/strong> up to $0.91 per unit and allowed the attacker to take out a loan of $116M<\/strong> worth and withdraw BTC (Sollet), USDT, SOL, mSOL, USDC from Mango.<\/span><\/p>\n
Read <\/span>this<\/b><\/a> for more details.\u00a0<\/span><\/p>\n
In simple words, <\/b>Mango Markets wasn\u2019t hacked<\/strong> at all, it was exploited. The exploiter pumped<\/strong> the price of the Mango\u2019s native token, then sold, thus dumped<\/strong> the price and profited<\/strong> from the spread. <\/span><\/p>\n
Solend<\/b><\/h3>\n
About\u00a0<\/b><\/h4>\n
Solend<\/a> is a decentralized lending and borrowing protocol on Solana.\u00a0<\/span><\/p>\n
What Happened\u00a0<\/b><\/p>\n
On November 2, 2022, an attacker drained<\/strong> assets from Solend’s Stable, Coin98, and Kamino isolated pools resulting in $1.26M<\/strong> of bad debt.<\/span><\/p>\n
How it happened\u00a0<\/b><\/p>\n
The attacker spent 100k USDC to pump<\/strong> USDH price on Saber, and then he started spamming<\/strong> the Saber account so that no arbitrage could occur<\/strong> in the same slot. The attacker then arbitraged himself<\/strong> in the next slot, and the Switchboard oracle<\/strong> picked the high price<\/strong>. By repeating the same procedure, he pumped up the price<\/strong> of USDH, and by depositing, he borrowed<\/strong> assets worth $1.26M<\/strong>, effectively draining all pools.\u00a0<\/span><\/p>\n
Read <\/span>this<\/b><\/a> for more details.<\/span><\/p>\n
In simple words, <\/b>it was a combination of a hack<\/strong> and market manipulation<\/strong>: the hacker pumped<\/strong> the tokens price and spammed<\/strong> the oracle to make sure it picks the price which would be the most profitable for him.\u00a0\u00a0<\/span><\/p>\n
Conclusion<\/strong><\/h3>\n
Blockchain hacks come in different forms, some of them can’t be really called hacks, they are rather exploits as they don’t involve any coding, like in case with Mango Markets. Others may be a combination of both a hack and market manipulation.<\/p>\n
Is there any way for a protocol to protect itself from attackers as they grow more and more ingenious? We firmly believe that being audited by a third-party is one of the best ways to do so. Although no audit can be a 100% guarantee and a single audit can never be enough, it’s a basic requirement for a reputable web3 project, yet some of the protocols who suffered from a hack or an exploit hadn\u2019t been audited manually or at all.<\/span><\/p>\n
References<\/strong><\/h4>\n
1<\/a>, 2<\/a>, 3,<\/a> 4<\/a>, 5<\/a>, 6<\/a>,\u00a07<\/a>,\u00a08<\/a>,\u00a09<\/a>,\u00a010<\/a>, 11<\/a><\/p>\n
<\/pre>\n","protected":false},"excerpt":{"rendered":"
Cryptocurrency ecosystems have traditionally been attractive to hackers and scammers, and 2022 proved it again. Over $4B was estimated to be lost for good in the crypto space during the last year, of which over $500M was stolen on Solana.\u00a0 Let’s have a deep dive into these hacks and manipulations to see why and how they happened, are there any patterns and…<\/p>\n","protected":false},"author":15,"featured_media":460,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[85,84,5],"tags":[14,86,6,19],"class_list":["post-459","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-exploits","category-hacks","category-solana","tag-exploit","tag-hack","tag-solana","tag-solana-security"],"aioseo_notices":[],"featured_image_src":"https:\/\/ackee.xyz\/blog\/wp-content\/uploads\/2023\/02\/Solana-hacks-2022-1-600x400.png","featured_image_src_square":"https:\/\/ackee.xyz\/blog\/wp-content\/uploads\/2023\/02\/Solana-hacks-2022-1-600x600.png","author_info":{"display_name":"Aleksandra Yudina","author_link":"https:\/\/ackee.xyz\/blog\/author\/aleksandra-yudina\/"},"_links":{"self":[{"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/posts\/459","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/users\/15"}],"replies":[{"embeddable":true,"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/comments?post=459"}],"version-history":[{"count":0,"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/posts\/459\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/media\/460"}],"wp:attachment":[{"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/media?parent=459"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/categories?post=459"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/tags?post=459"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}