Earlier this week, thousands of crypto wallets connected to the Solana ecosystem were drained by attackers who used the owners’ private keys to steal both Solana (SOL) and USD Coin (USDC). Solana now says that, after an investigation “by developers, ecosystem teams and security auditors”, it has traced the attack to accounts associated with the Slope mobile wallet app.
A chart set up on Dune to track the attacks puts the amount of crypto stolen at just over $4 million, taken from more than 9,000 unique wallets.
Slope Finance, which calls itself “the easiest way to discover web3 applications from one safe place,” released a statement advising all Slope users to “create a new and unique seed phrase wallet and transfer all assets over to carry to this new wallet.” The blog post says that “many” wallets belonging to Slope’s staff were also emptied, but notes that hardware wallets (also known as cold wallets, which are not connected to the Internet) remained untouched.
This exploit was isolated to one wallet on Solana and hardware wallets used by Slope remain secure.
While the details of exactly how this happened are still under investigation, private key information was accidentally passed to an application monitoring service. 2/3
— Solana Status (@SolanaStatus) August 3, 2022
Slope didn’t provide details on how the attack took place, but outsiders found evidence that the company’s mobile apps transferred users’ private keys unencrypted as part of their logging and telemetry.
In a tweet, the Solana group said: “The details of exactly how this happened are still under investigation, but private key information was accidentally passed to an application monitoring service.” The company added, “There is no evidence that the Solana protocol or cryptography has been compromised.”
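A defensive illustration of the failure described above, added here and not code from Slope, Solana or the original article: a scrubber that redacts likely seed phrases and base58-encoded keypairs from a telemetry event before it is handed to an application monitoring service. The field names, length heuristics and sample event are assumptions of this example.

```python
import re

# Heuristics below are assumptions of this example, not Slope's or Solana's code.
# A 64-byte keypair encodes to roughly 87-88 base58 characters.
BASE58_KEY = re.compile(r"\b[1-9A-HJ-NP-Za-km-z]{80,90}\b")
# Seed phrases: 12 to 24 consecutive lowercase words of 3-8 letters each.
SEED_PHRASE = re.compile(r"\b(?:[a-z]{3,8}\s+){11,23}[a-z]{3,8}\b")
# Hypothetical field names that must never leave the device, whatever they hold.
SENSITIVE_FIELDS = {"mnemonic", "seed", "seed_phrase", "private_key", "secret_key"}
REDACTED = "[REDACTED]"


def scrub_text(text):
    """Redact key-like and phrase-like substrings from free text."""
    text = BASE58_KEY.sub(REDACTED, text)
    return SEED_PHRASE.sub(REDACTED, text)


def scrub_event(value, key=None):
    """Recursively scrub a telemetry event (dicts, lists, strings)."""
    if key is not None and str(key).lower() in SENSITIVE_FIELDS:
        return REDACTED  # drop by field name even if the value looks harmless
    if isinstance(value, dict):
        return {k: scrub_event(v, k) for k, v in value.items()}
    if isinstance(value, (list, tuple)):
        return [scrub_event(v) for v in value]
    if isinstance(value, str):
        return scrub_text(value)
    return value


# Constructed sample event: every value here is made up for the example.
PHRASE = "apple river stone cloud magic tiger ocean piano lemon vivid quiet zebra"
SAMPLE_EVENT = {
    "message": "wallet import ok",
    "breadcrumbs": [{"data": {"input": "user typed: " + PHRASE}}],
    "extra": {
        "mnemonic": PHRASE,
        "keypair_b58": "3x" * 44,   # 88 base58 characters, key-sized
        "address": "A" * 44,        # address-sized value, left intact
    },
}

if __name__ == "__main__":
    print(scrub_event(SAMPLE_EVENT))
```

Pattern matching cannot tell a 32-byte base58 secret from a public address of the same length, so the field-name list and keeping key material out of logged objects in the first place remain the primary controls.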
Some Solana users holding funds in wallets managed by third-party Phantom were also affected, but Phantom itself has blamed Slope for the breach.
“Phantom has reason to believe that the reported exploits are due to complications related to importing accounts to and from @slope_finance,” the company tweeted. “In the meantime, if Phantom users also have other wallets installed, we recommend that you move your assets to a new non-Slope wallet with a new seed phrase.”