The large-scale wallet hack from Solana, which began on Tuesday night, is believed to be linked to the mobile wallet app Slope.
Solana’s developers believe that private key details of affected wallets were “unintentionally transferred” to a third party.
Thousands of Solana users in total lost SOL worth about 4.5 million dollars and other tokens from Tuesday night into early Wednesday, and now there’s a likely explanation as to why: it’s being blamed on a private key exploit linked to mobile software wallet The slope.
Wednesday afternoon, the official Solana Status Twitter account shared preliminary findings through collaboration between developers and security auditors, saying that “it appears that affected addresses were at some point created, imported, or used in Slope mobile wallet applications.”
“This exploit was isolated to one wallet on Solana, and hardware wallets used by Slope remain secure,” the thread continues. “While the details of exactly how this happened are still under investigation, key private information was inadvertently transmitted to an application monitoring service.”
“There is no evidence that the Solana protocol or its cryptography was compromised,” the account added.
Some Phantom wallets were also drained for SOL and tokens in the attack, but it appears that the holders of these wallets had previously interacted with a Slope wallet. “Phantom has reason to believe that the reported exploits are due to complications related to importing accounts to and from Slope,” The Phantom Team tweeted Today.
The slope has issued its own statement right before the Solana Status thread. It acknowledges that Slope wallets were included in the hack, but does not specifically describe what happened, nor has the firm claimed responsibility for the attacks.
“We have some hypotheses regarding the nature of the breach, but nothing is yet firm,” it said in part. “We feel society’s pain, and we were not immune. Many of our own employees and the founders’ wallets were drained.”
“We are still actively diagnosing, and are committed to publishing a full postmortem, earning back your trust and making this as correct as we can,” Slope’s team wrote.
According to blockchain explorer Solscan, more than five hours have passed since one of the four attacking wallets siphoned cryptocurrency or tokens from any vulnerable wallet. In all, the attackers took an estimated $4.46 million in crypto from what the Solana Status account said were about 8,000 unique wallets.
The attack started on Tuesday evening, and many Solana users and platforms initially suspected that wallets were being exploited through previously granted permissions to a smart contract. However, the transactions were signed by the wallets in question, suggesting compromised private keys.
Slope recommends that users create a new wallet with a brand new seed phrase and transfer funds to it. Hardware wallets have also been unaffected by the hack, and are also recommended for keeping assets safe amid the potentially ongoing exploit situation.
Stay up to date on crypto news, get daily updates in your inbox.