Cryptocurrency ecosystems have traditionally been attractive to hackers and scammers, and 2022 proved it again. Over $4B was estimated to be lost for good in the crypto space during the last year, of which over $500M was stolen on Solana

Let’s have a deep dive into these hacks and manipulations to see why and how they happened, are there any patterns and how the projects could have protected themselves. 

Wormhole

About 

Wormhole is a message-passing protocol enabling the transfer of tokenized assets between supported chains, for instance, one can send ETH from Ethereum and receive a wrapped wormhole ETH (wETH) on Solana

It becomes possible because each supported chain has a wormhole contract that emits or processes wormhole messages with the help of the so-called ‘Guardians‘, a distributed set of nodes that monitor the state of transactions and after consensus sign the messages. 

What happened 

In February 2022, an attacker stole assets worth roughly $338M (at the time of the exploit) by circumventing the signing process and minting 120k wrapped ETH tokens on Solana without locking an equivalent on Ethereum. Wormhole team sent a message to the hacker offering a white hat agreement but there was no response. The hacker used 93,750 of the minted wrapped ETH to redeem back equivalent ETH tokens on Ethereum, thus draining the money from Ethereum liquidity pool. The rest of the tokens were sold for SOL and USDC, as seen in the hacker’s wallet. Wormhole’s investor, Jump Crypto replenished all 120k ETH, virtually bailing Wormhole out.

How it happened

The bug’s root cause was a deprecated function

load_instruction_at 

being used during the Wormhole signature verification. The way to build custom instructions that ‘do’ signature verification is by sending a transaction made of (at least) two instructions and checking that the native program instruction was sent. 

Unfortunately, Wormhole’s implementation of the signature verification did not use the suggested

load_instruction_at_checked function 

and instead used a deprecated version

load_instruction_at

This function does not check that the origin of data to deserialize is actually from the sysvar account and not a fake account. 

Read this for more technical details. 

In simple words

The Wormhole hack was quite sophisticated on one side, but after all, the root cause was a missing ownership check on one account, which allowed the hacker to fake the transaction signature and mint tokens on one chain without providing collateral on the other. 

Cashio

About 

Cashio was a decentralised stablecoin fully backed by interest-bearing Saber USD liquidity provider tokens.

What happened 

Like with the Wormhole hack, the attacker used fake accounts to mint Cashio’s CASH tokens and stole over $52M. It is worth mentioning that Cashio was never audited by a third party.

How it happened

Due to a collateral token validation flaw, the attacker minted 2 billion CASH tokens using a faked worthless token as collateral. He then burnt part of the tokens for the Saber USDT-USDC LP tokens that he swapped for $16.4 USDC and $10.8 USDT, respectively. The remaining CASH tokens were swapped out for $8.6M UST and $17M USDC through Saber. What’s curious is that the hacker embedded a hidden message in the transaction that, after viewing the input data as UTF-8 says:

“Accounts with less than 100k have been returned. All other money will be donated to charity”.

Read this for more technical details. 

In simple words

The exploiter had to perform multiple steps and supply the worthless tokens he created earlier as collateral to mint 2 billion CASH tokens. The reason why he managed to do this boils down to the flawed verification of input accounts.

Crema Finance

About

Crema Finance is a liquidity pool based on CLMM (Concentrated Liquidity Market Maker) that allows liquidity providers to set specific price ranges, add single-sided liquidity and do range order trading. The project is closed source, so the available information about the hack is rather limited. The only publicly available security audit took place in October after the incident.

What happened 

On July 2, 2022, the pool was subject to an exploit, draining over $8M worth of assets. 

How it happened

According to Crema Finance tweet, the CLLM depends on a tick account that holds information about price tick data. The hacker used a combination of flash loan and exploitation of owner verification. After the incident, Crema Finance suspended the protocol and offered the hacker an $800k white hat bounty via on-chain message to the hacker’s Ethereum address. After negotiations, the hacker agreed to take the 45455 SOL bounty (approximately $1.5M at that time) and returned the rest to the protocol.

Read this for more technical details. 

In simple words, everything points again to the common problem that the input accounts were not properly checked, however as the protocol is closed source, some details may be missing.

Nirvana Finance

About 

Nirvana Finance is a Solana-based DeFi protocol with an algorithmic stablecoin

What happened 

On July 28, 2022, it ran into liquidity issues due to a flash loan attack where an attacker drained approximately $3.5M from the liquidity pool. The protocol is closed source and underwent only an automated audit before the exploit. A manual human audit is still being scheduled as of the time of writing (January 2023).

How it happened

Based on the technical post-mortem analysis from the Nirvana Finance team, the attacker was able to manipulate the inputs to the program and buy the ANA token at an artificially low price.

Read this for more technical details. 

In simple words, it was a combination of a market manipulation with some hacking: first he artificially lowered the price to buy himself ANAs and by doing so, the exploiter pushed the price upwards and made a profit from the spread.

Slope Wallet

About

Slope Finance is a community-driven full-stack platform that consists of the sectors of DEX, Wallet, and NFTs built on Solana

What happened 

On August 2, 2022 an attacker drained 9229 wallets of approximately $4.1M worth of assets.

How it happened 

No one really knows, despite the fact that the team published an extensive incident report. On-chain data showed that the malicious transactions were signed correctly and, therefore, the private wallet keys had been leaked or compromised

It had been confirmed that the mobile version of Slope Wallet application was collecting sensitive information (i.e. private keys) and transmitting it (using HTTPS TLS encryption) to a third-party monitoring service Sentry, where it was stored un-encrypted in an access-secured central database.

Yet, the investigations showed that only 5,367 wallet private keys were stored in the database, and only 1,444 of them were actually drained by the attacker, there were no proofs that the other affected wallets’ information had ever been stored with Sentry. 

Solana Foundation claimed that no core code or anything related to Solana protocol itself was involved in the attack; it was isolated to the Slope Wallet provider.

Read this for more details. 

In simple words, we don’t know what exactly happened. Even though there is no evidence that the private keys of Slope’s users were compromised, it is definitely a big security risk to store sensitive information unencrypted.

Mango Markets

About 

Mango Markets is a platform for cross-collateralized leverage trading. 

What happened 

On October 12, 2022, an attacker drained over $116M worth of assets by manipulating the oracle price data.

How it happened 

The attacker used over $5M USDC to fund an account, took a short MANGO-PERP position, and offered 488M MANGO-PERP to sell at $0.0382. Next, he funded another account with additional $5M USDC, took a long MANGO-PERP position, and bought 488M MANGO-PERP. Due to low liquidity on the exchange between MANGO and USDC, the attacker was able to pump the price of MANGO on various exchanges 5-10x in a matter of minutes. The updated prices by Oracles were pumped up to $0.91 per unit and allowed the attacker to take out a loan of $116M worth and withdraw BTC (Sollet), USDT, SOL, mSOL, USDC from Mango.

Read this for more details. 

In simple words, Mango Markets wasn’t hacked at all, it was exploited. The exploiter pumped the price of the Mango’s native token, then sold, thus dumped the price and profited from the spread.

Solend

About 

Solend is a decentralized lending and borrowing protocol on Solana

What Happened 

On November 2, 2022, an attacker drained assets from Solend’s Stable, Coin98, and Kamino isolated pools resulting in $1.26M of bad debt.

How it happened 

The attacker spent 100k USDC to pump USDH price on Saber, and then he started spamming the Saber account so that no arbitrage could occur in the same slot. The attacker then arbitraged himself in the next slot, and the Switchboard oracle picked the high price. By repeating the same procedure, he pumped up the price of USDH, and by depositing, he borrowed assets worth $1.26M, effectively draining all pools. 

Read this for more details.

In simple words, it was a combination of a hack and market manipulation: the hacker pumped the tokens price and spammed the oracle to make sure it picks the price which would be the most profitable for him.  

Conclusion

Blockchain hacks come in different forms, some of them can’t be really called hacks, they are rather exploits as they don’t involve any coding, like in case with Mango Markets. Others may be a combination of both a hack and market manipulation.

Is there any way for a protocol to protect itself from attackers as they grow more and more ingenious? We firmly believe that being audited by a third-party is one of the best ways to do so. Although no audit can be a 100% guarantee and a single audit can never be enough, it’s a basic requirement for a reputable web3 project, yet some of the protocols who suffered from a hack or an exploit hadn’t been audited manually or at all.

References

1, 2, 3, 4, 5, 678910, 11