Solana says hackers exploited Slope wallets during the $7 million theft

  • As per the investigation, Slope’s mobile wallet applications inadvertently transmitted users’ private keys to an application monitoring service, and the hackers exploited this leak.
  • Solana added that there’s no evidence of any compromise in the network protocol or its cryptography.

On Tuesday, August 2, blockchain platform Solana reported a major theft with thousands of SOL tokens stolen from crypto wallets. Earlier, it was suspected that over 8000 Phantom wallets had been compromised. However, further investigation revealed that Slope’s mobile wallet applications were the victims of the hack.

Slope is a Web3 wallet provider for the Solana Layer 1 blockchain network. During its investigation, the Solana Foundation found that the attackers had compromised the private keys of every wallet involved in the exploit. It also adds that the private keys were “inadvertently transmitted” by Slope’s applications to an “application monitoring service”.

In its latest update, Solana has said that there’s no evidence of any compromise in the network protocol or its cryptography. Solana said:

After an investigation by developers, ecosystem teams, and security auditors, it appears affected addresses were at one point created, imported, or used in Slope mobile wallet applications. This exploit was isolated to one wallet on Solana, and hardware wallets used by Slope remain secure.

While the details of exactly how this occurred are still under investigation, private key information was inadvertently transmitted to an application monitoring service.

Anatoly Yakovenko, co-founder of Solana, also linked the Slope wallet to the hack. He requested that users regenerate their seed phrase in a wallet other than Slope. Furthermore, Yakovenko told affected users to “Start practicing the cold/hot wallet separation”.

As per rough estimates, the hackers have stolen more than $8 million worth of SOL tokens from across 8000 wallets.

How did attackers breach Slope wallets?

While the exact details of how the hack was conducted aren’t available, some experts have highlighted possible explanations. As per reports, Slope may have logged some user seed phrases on its centralized servers.

The attackers could have exploited these seed phrases by gaining access to the Slope servers and using the phrases to sign further transactions from the affected wallets. Earlier, as the attackers started draining money from Slope and Phantom wallets, many believed it to be a Solana protocol issue.
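The failure mode described above, a wallet secret leaving the device inside a telemetry or crash-report payload, is generic, and the defensive counterpart is to scrub every event before the monitoring SDK transmits it. The JavaScript below is an added example, not Slope’s code and not any monitoring vendor’s SDK; it assumes only that the SDK accepts a hook that receives each event object before sending and transmits whatever the hook returns. The hook name `beforeSend`, the field names and the sample event are constructed for illustration.

```javascript
// Added example (not Slope's code, not any monitoring vendor's SDK): scrub wallet
// secrets out of a telemetry event before it leaves the device. The only assumption
// about the SDK is that it accepts a hook which receives each event object before
// transmission and sends whatever the hook returns; `beforeSend` is the hypothetical
// name used here. Field names and the sample event are constructed for illustration.

// Object keys whose name suggests a wallet secret are dropped regardless of value.
const SENSITIVE_KEY = /mnemonic|seed|secret|private|keypair/i;

// A 64-byte Solana secret key encodes to roughly 87-88 base58 characters.
const BASE58_SECRET = /\b[1-9A-HJ-NP-Za-km-z]{86,90}\b/g;

// Twelve to twenty-four lowercase words of 3-8 letters look like a BIP39 phrase.
// This deliberately over-matches (a long all-lowercase sentence is redacted too):
// for telemetry, redacting too much is the safe failure mode.
const MNEMONIC = /\b(?:[a-z]{3,8}\s+){11,23}[a-z]{3,8}\b/g;

const REDACTED = '[REDACTED]';

// Replace secret-shaped substrings inside one string value.
function scrubString(s) {
  return s.replace(BASE58_SECRET, REDACTED).replace(MNEMONIC, REDACTED);
}

// Return a scrubbed deep copy of an event (strings, arrays, plain objects);
// the original object is left untouched.
function scrubEvent(value) {
  if (typeof value === 'string') return scrubString(value);
  if (Array.isArray(value)) return value.map(scrubEvent);
  if (value !== null && typeof value === 'object') {
    const out = {};
    for (const [key, inner] of Object.entries(value)) {
      out[key] = SENSITIVE_KEY.test(key) ? REDACTED : scrubEvent(inner);
    }
    return out;
  }
  return value; // numbers, booleans, null, undefined pass through
}

// Audit helper: does any string value in the payload still look like a secret?
// String.prototype.search ignores the regexes' global lastIndex, so it is stateless.
function containsSecret(value) {
  if (typeof value === 'string') {
    return value.search(BASE58_SECRET) !== -1 || value.search(MNEMONIC) !== -1;
  }
  if (Array.isArray(value)) return value.some(containsSecret);
  if (value !== null && typeof value === 'object') {
    return Object.values(value).some(containsSecret);
  }
  return false;
}

// The hook handed to the monitoring SDK (hypothetical name). Returning null drops
// the event; if scrubbing somehow left a secret behind, the event is dropped, so a
// scrubber bug fails closed instead of leaking.
function beforeSend(event) {
  const scrubbed = scrubEvent(event);
  return containsSecret(scrubbed) ? null : scrubbed;
}

// Constructed sample event: the kind of payload a crash reporter assembles when a
// wallet-import screen throws. The phrase and the 87-character key are fake.
const sampleEvent = {
  message: 'wallet import failed',
  level: 'error',
  extra: {
    mnemonic: 'abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon about',
    walletAddress: 'So11111111111111111111111111111111111111112',
    attempt: 2,
  },
  breadcrumbs: [
    { category: 'ui', message: 'user pasted: legal winner thank year wave sausage worth useful legal winner thank yellow' },
  ],
  contexts: { log: 'signing with key ' + '4Kv8QmZ'.repeat(12) + 'abc' },
};

console.log(JSON.stringify(beforeSend(sampleEvent), null, 2));
```

Two design choices are worth noting. Key-name redaction catches the obvious case (a field literally called `mnemonic`), but the value-pattern pass is what catches a phrase that ends up inside a free-text breadcrumb or log line, which is the harder leak to spot in review. The stronger control, which this example does not replace, is to keep the secret out of any object that could ever be serialized, for instance by holding it in a wrapper whose `toJSON` and `toString` return a placeholder.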

But Solana’s head of communications, Austin Fedora, later revealed that the problem was isolated to hot wallets. He noted:

We spun up a Typeform to collect data and the results were clear – of those drained ~60% were Phantom users and 40% Slope users. But after extensive interviews and requests to the community, we couldn’t find a single Phantom-forever user who had their wallet drained. There’s a lot more to go into about the actual vulnerability, but work is still ongoing at this point.

Slope has also acknowledged the problem. It has urged wallet users to generate a new unique seed phrase and transfer all funds to it instead of keeping it in the old wallet.