Exploring ‘Slope’ factor in Solana exploit with Nomad update

Solana was the victim of a $6 million heist that cleared out over 8,000 wallets in the early hours of 3 August. The exploit happened the day after the cross-chain bridge, Nomad, was lost to another hack to the tune of $190 million.

However, there has been an update to the Solana hack after some investigation. According to Solana blockchain developers, the exploit resulted from the negligence of the web3 wallet provider, Slope wallet.

Why the “Slope-ry area”

 

According to the statement, Solana’s ecosystem was not to be blamed for the loss. Solana foundation explicitly pointed at Slope because most of the affected wallets were linked to it. 

In its response, the Slope team also admitted that it had a lot of wallets drained due to the hack. Similarly, Phantom wallet confirmed Solana’s findings, which had some of its users touched by the hack. 

Based on the findings, Solana Foundation noted that Slope wallets may have hosted users’ private keys on centralized servers. Additionally, reports from other corners mentioned that the hackers could have gained access to users’ wallets.  

Hot wallets only

In another related development, Solana CEO, Anatoly Yakovenko had earlier linked the exploit to a supply chain issue. However, its communications lead, Austin Fedora, revealed that it was not the case in a follow-up update. 

In his tweet, Fedro said, 

“It seemed to impact desktop wallets, mobile wallets, wallets of active degens, and wallets that had only ever received one transaction. If this was a supply chain attack hitting all these users, that would have been very scary for all of web3”

Furthermore, he suggested that users who still had assets in their Slope wallet could move them to a secure hard wallet.

At press time, Solana confirmed that investigations were still ongoing to find the perpetrators.

But what’s up with Nomad?

As per the Nomad exploit, there has been some progress. Earlier, the hackers returned around $9 million to the bridge.

Then they followed it up with another $3.8 million in USDC, ETH, and USDT, especially after Nomad publicly pleaded for a return. However, it may seem that the Nomad hackers may not send back all of the exported funds. 

According to the blockchain security firm, PeckShield, the hackers have been laundering some of it by sending it from wallet to wallet. 

Source: https://ambcrypto.com/exploring-slope-factor-in-solana-exploit-with-nomad-update/