Slope wallets blamed for Solana-based wallet attack

As the dust settles from yesterday’s Solana ecosystem mayhem, information is surfacing that wallet provider Slope is largely responsible for the security exploit that stole crypto from a large number of Solana users.

Slope is a Web3 wallet provider for the Solana layer-1 (L1) blockchain. Via the Solana Status Twitter account on Wednesday, the Solana Foundation pointed the finger at Slope, stating that “it seems affected addresses were at some point produced, imported, or utilized in Slope mobile wallet applications.”

Solana co-founder Anatoly Yakovenko also linked Slope wallets to the hack on his personal Twitter account. He advised users to regenerate a seed phrase from a service other than Slope whenever they can. He also told an affected user to “Start practicing the cold/hot wallet separation.”

The Solana-based wallet exploits first surfaced on Tuesday, after the community started reporting that their crypto wallets appeared to be drained of Solana (SOL) and other tokens. It’s believed that roughly $8 million in crypto was stolen from nearly 8,000 wallets.

Through its analysis, the Solana Foundation determined that the private keys for each of the wallets compromised in the exploit were “inadvertently transmitted to an application monitoring service,” for example Slope.

It added that there was no evidence to indicate that the Solana protocol or its cryptography was at risk in the attack.

Some reports suggest that Slope may have logged user seed phrases on its centralized servers. The servers may have been compromised and leaked seed phrases, which a hacker could use to carry out transactions.

Earlier reports of the attack stated that users of Slope and Phantom hot wallets appeared to be targeted, leading many to think there might be a wider problem with the Solana protocol. However, an additional analysis shared by Solana’s head of communications Austin Federa found the problem was isolated to hot wallets only.

Federa stated that although 60% of the victims of the attack were Phantom users, those affected didn’t generate their seed phrase using Phantom.

Slope issued a statement on Wednesday addressing the status of its ongoing analysis of the incident, confirming that “A cohort of Slope wallets were compromised within the breach,” including some owned by its own staff.

They advised users of Slope wallets to create a new, unique seed phrase and transfer all funds to it instead of keeping any funds in old wallets that could be exploited later. The Phantom team joined in the warning by advising users to move their assets to a different non-Slope wallet.