The Solana (SOL) blockchain’s developers traced an attack that affected over 8,000 wallets and lost $8 million to a closed-source Slope wallet.
After a thorough review by developers, ecosystem teams, and security auditors, Slope mobile wallet apps may have used impacted addresses.
Slope said “nothing is yet concrete” and that they have “some thoughts” regarding what happened.
Slope urged users to build a fresh seed phrase wallet and move their money to it. “We are doing internal investigations and audits, collaborating with the best external security and audit groups,” the Slope team said.
It is a non-custodial, web-based crypto wallet and browser extension for managing assets on the Solana blockchain.
Theft of Solana Wallets
The hackers stole over 8,000 Solana wallets, according to recent reports. The hackers deposited USD 8.58 million to their accounts at 7:30 UTC on Thursday, according to Solscan’s dashboard.
A flaw in the blockchain’s core code is not a possibility, according to the Solana team. This group’s findings suggest that popular software wallets, rather than Solana’s core code, are to blame.
The Phantom wallet team, who had earlier informed users that the Solana breach was not “a Phantom-specific issue” even though certain Phantom wallets were drained, stated that those wallets’ holders had previously interacted with a Slope wallet.
Slope’s account import issues may be to blame for alleged exploits, the Phantom team said in a tweet.
A crypto engineer who goes by Foobar on Twitter claims that the Slope wallet may have stored plaintext seed phrases on their centralised servers.
Adam Cochran of the Cryptography Foundation said Slope emailed plain text private key and seed phrases to a server. He noted that there is no explanation for this in the design of the product. As far as he’s concerned, there’s no way this could be a leak because it’s clearly labelled as such.
Customers Complaints
On Tuesday, customers began complaining that their assets had been stolen from prominent hot wallets, including Phantom, Slope, and TrustWallet, without their knowledge. It has been more than 40 days since some of the impacted users have engaged in contract activity.
Blockchain security firms quickly discovered that genuine owners signed the transactions, implying a private key breach. However, the breach did not affect hardware wallets.
Although the hack was extensive, Solana’s native token SOL has stood up quite well. In the early hours of Thursday, the currency was trading at USD 39.32, up 1.8% in one day and down 2.3% in one week.
