The multimillion-dollar Solana Wallet hack has been traced back to a private key exploit tied to the Slope mobile wallet app.
Solana Fingers Slope Wallet For Attack
Investigations into the large-scale exploit that targeted the Solana Wallet has revealed that private key details were “inadvertently transferred” to a third party on the Slope Finance network. This resulted in a vulnerability in the Solana network leading to the loss of around $4.5 million worth of SOL and other cryptos from about 8000 Solana wallets. The exploit started on Tuesday night and continued well into Wednesday, inspiring a team of developers and security auditors to launch preliminary investigations. The findings were reported on Twitter,
“After an investigation by developers, ecosystem teams, and security auditors, it appears affected addresses were at one point created, imported, or used in Slope mobile wallet applications…This exploit was isolated to one wallet on Solana, and hardware wallets used by Slope remain secure. While the details of exactly how this occurred are still under investigation, but private key information was inadvertently transmitted to an application monitoring service.”
According to the team, the Solana protocol and its cryptography were not compromised. Additionally, users are being advised to switch to hardware wallets to keep funds secure, as these have been immune to the hack.
Slope Still Investigating
The Slope team has acknowledged the inclusion of Slope wallets in the hack and claims to be looking into the matter. The team has released a statement that, however, does not go too much into the depth of the hack and neither does it take responsibility for the attacks.
The statement released by Slope reads,
“We have some hypotheses as to the nature of the breach, but nothing is yet firm. We feel the community’s pain, and we were not immune. Many of our own staff and founders’ wallets were drained. We are still actively diagnosing and are committed to publishing a full postmortem, earning back your trust, and making this as right as we can.”
The team has also advised users to create a new wallet with a new seed phrase and transfer all their funds.
Phantom Wallet Holders Affected As Well
Besides Solana and Slope, Phantom has also faced the effects of the hack. For example, several wallet holders who had previously interacted with a Slope wallet had their Phantom wallets completely drained of SOL and other tokens. The Phantom team reported that the exploits were caused by the complications related to importing accounts to and from Slope.
Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.
Source: https://cryptodaily.co.uk/2022/08/more-details-emerge-from-the-solana-wallet-hack