In light of the recent exploit, we’d like to provide a refresher on the situation and actionable items for how users can better secure their crypto assets.
After a period of intensive investigations with teams and security firms within the ecosystem, the collective view is that the exploit was caused by private keys being compromised, likely as a result of a vulnerability within mobile wallet applications. In particular, Slope wallet appears to have the highest concentration (being most, if not all) of impacted users.
Snowflake Safe remains one of the most secure, versatile, and feature complete options to manage your assets on Solana. It is incredibly convenient and cost effective (less than 0.1 SOL), and takes less than 2 minutes to set up.
If your funds are currently stored in a single hot wallet, we highly recommend moving these to a multisig such as Snowflake Safe or setting up a hardware wallet. You can follow this quick guide
If you are already using Snowflake Safe, please review any owners who have used Slope wallets and consider replacing owners whose keys might have been compromised and/or increase the approval threshold for the Safe. You can manage the owners and approval threshold of your Safe in the settings menu (Safe > Settings).
In addition to the above, we recommend everyone to take time and review your OpSec (operational security). Crypto has proven to be an area of intense focus for hackers and other bad actors, so it is especially important to minimise security risks from your day to day operations. Consider the following tips in order to further strengthen your security and protection:
– Consider using a hardware wallet for some or all of the owners of your multisig. Have an address which is kept clean and solely used for asset storage (and not for smart contract interactions), which stores the majority of your funds, and another address where you transfer into for smart contract interactions/day to day use
– Have separate browser profiles for separate purposes, and for each hot wallet private key you are running. Eg have work on one profile, personal media consumption on another, crypto on a third.
– To minimise the risk of compromising the computer you run your crypto on, do your crypto transactions on a computer/operating environment which you don’t use for anything else (no browsing, no PDFs etc). A possible option is to use virtual machines to separate your work, personal, and crypto usage.
– Use a password manager to make each of your passwords unique and hard to crack (15–20 char + random generation). Bitwarden or 1Password are common options for password managers.
– Enable 2FA on all your web accounts, consider a yubikey for hardware 2fa.