THE DAILY ENCRYPT

[date-today format='F j, Y']

Recent Solana Hack Points to a Exploit Discovered on Wallet App Slope

As a Solana mobile wallet is tapped for major network attacks, it's possible that private keys were accidentally compromised....
Image by The Daily Encrypt

As a Solana mobile wallet is tapped for major network attacks, it’s possible that private keys were accidentally compromised. The Slope mobile wallet app is suspected to be responsible for the large-scale Solana wallet hack that began Tuesday night.

Solana developers believe that the private key information for affected wallets was “inadvertently transmitted” to a third-party.

The collective loss of $4.5 million in SOL tokens by thousands of Solana users from Tuesday night to Wednesday morning is being blamed on a private key exploit that was tied to the mobile software wallet Slope.

On Wednesday afternoon, Solana Status Twitter account shared preliminary results from collaboration between developers, security auditors and stated that “it appears that affected addresses were at some point created, imported or used in Slope Mobile wallet applications.”

The thread states that the exploit was limited to Solana’s wallet, while hardware wallets used for Slope are secure. While the exact cause of this incident is still being investigated, private key information was accidentally transmitted to an application monitoring company.

The account stated that there is no evidence that the Solana protocol was or its cryptography were compromised.

It was also possible to drain some Phantom wallets of their SOL tokens and tokens. However, it seems that the wallet holders were previously connected with a Slope wallet. “Phantom believes that the reported exploits were due to complications regarding importing accounts from and to Slope,” the Phantom Team tweeted today.

Slope issued its own statement shortly before the Solana Status thread. Although it acknowledges that Slope wallets were hacked, it does not detail the details or take responsibility.

It reads, “We have some hypotheses about the nature of breach, but it is not yet clear,”. We feel the pain of the community, and we weren’t immune. Many of our founders and staff were left with empty pockets.”

“We are still actively diagnosing and are committed to publishing the full postmortem and earning back your trust and making this as right and as accurate as possible,” Slope’s team wrote.

Blockchain explorer Solscan says it has been over five hours since any of the four attacker wallets took cryptocurrency or tokens out of any vulnerable wallet. The attackers stole approximately $4.46 million of crypto from the Solana Status account, which claimed that there were around 8,000 unique wallets.

The attack began on Tuesday night. Many Solana users and platforms suspected that smart contracts were being used to exploit wallets. The transactions were signed by the wallets, indicating compromised private keys.

Slope suggests that users create a new wallet and a new seed phrase, then transfer funds to it. Hardware wallets were not affected by the hack and can be used to protect assets during the ongoing exploit.

Felipe Rodriguez

Felipe Rodriguez

Felipe states he has super powers, some argue that case but he does come up with some very clear predictions. Felipe is based in the US and frequently travels to Brazil where he was born. He is a journalist of the future and has a portfolio of crypto projects he has worked with. Felipe always says "The future doesn't scare me as much as the past, crypto is here to stay but only time will tell where it will take us".
Felipe Rodriguez

Felipe Rodriguez

Felipe states he has super powers, some argue that case but he does come up with some very clear predictions. Felipe is based in the US and frequently travels to Brazil where he was born. He is a journalist of the future and has a portfolio of crypto projects he has worked with. Felipe always says "The future doesn't scare me as much as the past, crypto is here to stay but only time will tell where it will take us".

© 2022 The Daily Encrypt. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

Latest News
PRESS RELEASES