As the dust settles from the chaos in the Solana ecosystem, details about it are surfacing. The latest revelation is that wallet provider Slope is largely responsible for the security exploit that drained cryptocurrency from thousands of Solana users.
Slope is a provider of Web3 wallets for the Solana Layer 1 (L1) blockchain. Via the Solana Status Twitter account on Wednesday, the Solana Foundation took aim at Slope, stating that “it appears that the affected addresses were at some point created, imported, or used in Slope’s mobile wallet applications.”
After an investigation by developers, ecosystem teams, and security auditors, it appears affected addresses were at one point created, imported, or used in Slope mobile wallet applications. 1/2
— Solana Status (@SolanaStatus) August 3, 2022
Solana’s co-founder, Anatoly Yakovenko, also linked Slope wallets to the hack on his personal Twitter account. He advised users to regenerate their seed phrase with a service other than Slope as soon as they could. Additionally, he told an affected user to “start practicing online/offline wallet separation.”
Attacker is lazy at driving all the paths. A bunch of phantom users only saw their slope addresses get drained. I would advise anyone that touched slope to regenerate their seed phrase in a different wallet asap.
— SMS aey.sol, (@aeyakovenko) August 3, 2022
Solana-based wallet exploits first came to light on Tuesday, after the community started reporting that their crypto wallets were being drained of their Solana (SOL) and other tokens. It is estimated that approximately $8 million worth of cryptocurrency was stolen from nearly 8,000 wallets.
Through its investigation, the Solana Foundation determined that the private keys of each of the wallets compromised in the exploit were “inadvertently transmitted to an application monitoring service” such as Slope.
It added that there was no evidence to suggest that the Solana protocol or its cryptocurrency was compromised by the attack.
Some reports indicate that Slope could have recorded users' seed phrases on its centralized servers. Those servers could have been compromised and the seed phrases leaked, which a hacker could then use to execute transactions.
Early reports of that day’s attack said that users of online wallets Slope and Phantom were the targets, leading many to believe there might be a broader problem with the Solana protocol. Nevertheless, a new analysis shared by Solana’s head of communications, Austin Federa, found that the problem was limited to online wallets.
Federa said that although 60% of the victims of the attack were Phantom users, those affected did not generate their seed phrase using Phantom.
We spun up a Typeform to collect data and the results were clear – of those drained ~60% were Phantom users and 40% Slope users. But after extensive interviews and requests to the community, we couldn’t find a single Phantom-forever user who had their wallet drained
— Austin Federa | sms (@Austin_Federa) August 3, 2022
Slope released a statement on the status of its ongoing investigation into the incident on Wednesday, confirming that “a cohort of Slope wallets were compromised in the exploit”, including some belonging to their own staff.
The team urged users of Slope wallets to generate a new, unique seed phrase and transfer all funds to it instead of keeping funds in the old wallets, which could be exploited later. The Phantom team reinforced the warning, advising users to move their assets to a new wallet other than Slope.
Clarification: The information and/or opinions expressed in this article do not necessarily represent the views or editorial line of Cointelegraph. The information set forth herein should not be taken as financial advice or investment recommendation. All investment and commercial movement involve risks and it is the responsibility of each person to do their due research before making an investment decision.