2022 Solana Exploits Overview: 11 Significant Attacks, $523 Million Lost

TL;DR

In 2022, the Solana blockchain lost approximately $523 million in stolen funds to exploits.

Introduction

Solana, a public blockchain platform, suffered 11 significant attacks over the last year, resulting in a total loss of ~$523 million. By far the largest incident was the exploit of the Wormhole Bridge, which resulted in the loss of $326 million and is also the second largest exploit, in terms of lost funds, to have occurred this year. Of the 11 incidents, 10 lost over $1 million. The breakdown of these exploits is shown below.

 Image: Breakdown of funds lost by exploit. Source: CertiK

Exploits

Solana had seven major exploits this year, including Wormhole, Cashio, Mango Markets, Solend, and Optifi. These exploits led to a total loss of ~$492 million in user funds. The largest exploit on a Solana protocol was the Wormhole incident, which led to a loss of ~$326 million. Attackers exploited a signature verification vulnerability in the Wormhole network to mint 120k Ether on Solana. The hack was possible because signature verification was not properly enforced: the developers used a deprecated function, which allowed unverified, forged signatures to pass. The second largest exploit on Solana occurred on October 11, 2022, when Mango Markets was exploited by a group of attackers, for a total loss of $116 million. The attackers manipulated the value of posted collateral to a higher price, then took out significant loans against the inflated collateral, which ended up draining Mango's treasury.

Private Key Compromises

In 2022, $13.5 million was lost to private key compromises on the Solana blockchain. The largest private key compromise occurred on 2 August 2022, when Slope wallet users began to notice that their assets were being transferred out of their wallets. It later became apparent that the private keys of Slope users were stored in plaintext on a third-party server, which was compromised. This meant that hackers were able to drain approximately 8,000 wallets, which led to ~$8 million in losses. The second private key compromise occurred on 16 December 2022, when a Trojan virus compromised a key wallet on Raydium Protocol. The exploiter drained multiple liquidity pools, which led to approximately $5.5 million worth of assets being stolen.

Private key compromises are particularly harmful when a project has a high degree of centralization. In the Raydium incident, one wallet was able to withdraw liquidity from multiple pools, which presents a centralization risk if that wallet is mishandled or compromised. Always check certik.com audits to understand the centralization risks of a project and to see what measures the team has taken to mitigate these security issues.

Exit Scams

Users on the Solana blockchain fell victim to multiple exit scams, losing millions to scammers. In 2022, there were four significant exit scams on the Solana blockchain, totalling ~$5.3 million of stolen user funds. These exit scams included COPE, Big Daddy Ape Club, Doodled Dragons, and SolFire Finance, with the largest being SolFire Finance at ~$4.1 million of user funds stolen. The SolFire Finance project owner stole all user funds and moved them to Ethereum via a cross-chain bridge. The project then deleted its GitHub and Twitter accounts.

Doing your own due diligence on a project is extremely important to avoid becoming the victim of an exit scam. There are a number of resources you can use to help you DYOR. For example, CertiK offers industry-leading KYC investigations, which means the team behind a project is thoroughly vetted by skilled investigators and analysts. CertiK has uncovered a KYC actor industry which aims to trick KYC services into passing illegitimate projects. Look for the CertiK KYC badge on certik.com to help you DYOR when investing in trustworthy projects.

Conclusion

This year has been a tough one for DeFi platforms, especially Solana. Projects on Solana suffered multiple costly exit scams and exploits which included key compromises and code vulnerabilities. 
