Solana says hackers exploited Slope during the recent $7M theft

  • As per the investigation, hackers exploited the Slope mobile wallet applications by inadvertently transmitting private keys to an application monitoring service.
  • Solana added that there’s no evidence of any compromise in the network protocol or its cryptography.

On Tuesday, August 2, blockchain platform Solana reported a major theft with thousands of SOL tokens stolen from crypto wallets. Earlier, it was suspected that over 8000 Phantom wallets had been compromised. However, further investigation revealed that Slope’s mobile wallet applications were the victims of the hack.

Slope is a Web 3 wallet provider for the Solana Layer 1 blockchain network. During its investigation, the Solana Foundation found that the attackers compromised the private keys for each wallet in the exploit. It also adds that the attackers “inadvertently transmitted” the private keys to an “application monitoring service” such as Slope.

In its latest update, Solana has said that there’s no evidence of any compromise in the network protocol or its cryptography. Solana said:

After an investigation by developers, ecosystem teams, and security auditors, it appears affected addresses were at one point created, imported, or used in Slope mobile wallet applications. This exploit was isolated to one wallet on Solana, and hardware wallets used by Slope remain secure.

While the details of exactly how this occurred are still under investigation, but private key information was inadvertently transmitted to an application monitoring service.

Anatoly Yakovenko, co-founder of Solana also linked Slope wallet to the hack. He also requested users to regenerate their seed phase in a different wallet other than Slope. Furthermore, Yakovenko told the affected user to “Start practicing the cold/hot wallet separation”.

As per the rough estimates, the hackers have stolen more than $8 million worth of SOL tokens from across 8000 wallets.

How attackers breached Slope wallets?

While the exact details and the conduct of the hack aren’t available, some experts have highlighted the possibilities of the event. As per reports, Slope may have logged some user seed phrases on its centralized servers.

The attackers could have exploited these seed phrases by getting access to the Slope servers and using them for further transactions. Earlier, as the attackers started draining money from Slope and Phantom wallets, many believed it to be a Solana protocol issue.

But Solana’s head of communications Austin Fedora later revealed that the problem was isolated to hot wallets. He noted:

We spun up a Typeform to collect data and the results were clear – of those drained ~60% were Phantom users and 40% Slope users. But after extensive interviews and requests to the community, we couldn’t find a single Phantom-forever user who had their wallet drained. There’s a lot more to go into about the actual vulnerability, but work is still ongoing at this point.

Slope has also acknowledged the problem. It has urged wallet users to generate a new unique seed phrase and transfer all funds to it instead of keeping it in the old wallet.

Related Posts

Motiv Inc. Launches 16 Circular Bitcoin Economies In Peru

The NGO announced 16 circular bitcoin economies are operational In Peru after establishing educational material empowering the financially excluded communities. The NGO announced 16 circular bitcoin economies…

New Serum powered DEX for Solana from Vybe Network launches

Today it was announced from the Serum community the launch of Vybe DEX, a data-driven trading interface powered by Serum’s central limit order book & matching engine,…

88% of Nomad Bridge exploiters were ‘copycats’ — Report

Close to 90% of addresses taking part in the $186 million Nomad Bridge hack last week have been identified as “copycats,” making off with a total of…

Brazil payment app PicPay launches new crypto exchange service with Paxos technology

PicPay, a Brazil-based payment app, has announced will now allow its users to buy, sell and hold cryptocurrencies, in its first foray into the crypto market. Today,…

BitPay teams with Dosh to enable cashback rewards on crypto debit card

News Bitcoin BitPay, the bitcoin and crypto payment processing platform, announced today that users of its BitPay Card will now be rewarded with automatic cashback rewards when…

“Move-and-earn” app STEPN to utilize LINE Blockchain for the Japanese market

LINE, the Japanese corporation specializing in mobile technologies, announced today that LINE Xenesis and Find Satoshi recently concluded an MOU aiming to utilize LINE Blockchain in the…