The worst thing about the ongoing @solana @phantom / @slope_finance hack is that people don't even understand yet how screwed they are. Here's why this is worse than it seems, and a clear way we #web3 citizens can prevent this in the future👇
First, a few misunderstandings out of the way.
This is not Solana team's fault: other wallets don't seem to be attacked We also truly feel for the affected ones that are sad right now, and we hate to stomp on their hope. But this is an important topic that has to be discussed.
The worst possible calamity that can happen to a network is the leaks of private keys/seed phrases. Why? Imagine the best possible outcome. Let's say @aeyakovenko decides to reverse the chain and refund the stolen balances back to their owners. And let's skip the side effects.
Problem is, refunds would not go just to the owners, but also to the attacker. And since they have the private keys, after the network restart, they would just steal the funds again.
Essentially, the root of the problem is that Solana network has no way to distinguish between a real and a fake owner, to only allow the real owner to access the refund.
There are multiple ways to not let this problem happen, like multisignatures, hardware wallets, etc. but it's hard for people to set up and use them, so not many did. However, here is one more practical idea: vaults + decentralized two-factor authentication.