Slope wallets blamed for Solana-based wallet attack
Web3 wallet provider Slope has been connected to the recent hack of Solana-based wallets.
As the dust settles from yesterday’s Solana ecosystem mayhem, data surfs that wallet provider Slope is largely responsible for the security exploit that stole crypto from thousands of Solana users.
|
The slope is a Web3 wallet provider for the Solana layer-1 (L1) blockchain. Through the Solana Status Twitter account on Aug. 3, the Solana Foundation pointed the finger at Slope
stating that “it appears affected addresses were at one point created, imported, or used in Slope mobile wallet applications.”
Solana co-founder Anatoly Yakovenko also linked Slope wallets to the hack on his Twitter account. He advised users to regenerate a seed phrase from a service other than Slope as soon as possible.
He also told an affected user to “Start practising the cold/hot wallet separation.” The Solana-based wallet exploits first surfaced on Aug.
2, after the community reported that their crypto wallets were drained of their Solana (SOL) and other tokens. It is estimated that roughly $8 million in crypto was stolen from nearly 8,000 wallets.
Through its investigation, the Solana Foundation determined that the private keys for each of the wallets compromised in the exploit were “inadvertently transmitted to an application monitoring service” such as Slope.
It added that there was no evidence to suggest the Solana protocol or its cryptography was at risk from the attack.
Some reports say Slope may have logged user seed phrases on its centralized servers. The servers could have been compromised and leaked seed phrases, which a hacker could use to execute transactions.
Earlier reports of the attack on the day said that users of Slope and Phantom hot wallets were being targeted, leading many to believe there could be a broader issue with the Solana protocol;
however, a further analysis shared by Solana’s head of communications, Austin Fedora, found that the problem was isolated to just hot wallets.
Fedora said that while 60% of the victims of the attack were Phantom users, those affected did not generate their seed phrase using Phantom.
On Wednesday, slope issued a statement addressing the status of its ongoing investigation into the incident, confirming that “A cohort of Slope wallets were compromised in the breach,” including some belonging to its own staff.
✅LiteFinance✅✅IC Markets✅✅ Avatrade✅ |
The team urged users of Slope wallets to generate a new unique seed phrase and transfer all funds to it rather than keeping any funds on old wallets that could still be exploited later.
The Phantom team issued the warning by advising users to move their assets to a new non-Slope wallet. - cointelegraph
Hot Topics |
|
Ongoing Solana-based wallet hack has already seen millions drained |
|
Binance uses Soulbound Tokens to offer decentralized KYC of wallets |
|