
Solana ties major hack to wallet provider Slope
Solana links the breach to Slope and notes several wallets were compromised.
An investigation by the Solana team into the hack of thousands of cryptocurrency wallets showed that the addresses touched by the attack were “at some point created, imported, or used in Slope mobile wallet applications”.
After an investigation by developers, ecosystem teams, and security auditors, it appears affected addresses were at one point created, imported, or used in Slope mobile wallet applications. 1/2
— Solana Status (@SolanaStatus) August 3, 2022
Earlier, Solana developers announced that the hack was not caused by a bug in the blockchain’s core code, but by software used by “several popular wallets”.
Co-founder Anatoly Yakovenko wrote that anyone who has ever imported a seed phrase into Slope should consider it compromised.
If you have ever imported a seed phrase into slope, consider it compromised. Move all the assets to a new non slope wallet. Even if the attack didn’t claim those tokens yet, the phrase is leaked. Just a matter of time https://t.co/pCBx8jRwcO
— SMS aey.sol, 🇺🇸 (@aeyakovenko) August 3, 2022
In a statement, Slope said that a number of the project’s wallets were compromised and the team is actively investigating the incident. The developers ‘have several hypotheses’, but they did not name a specific cause of the breach.
See below for our official statement on the breach situation (now posted to our Medium).
We empathize with everyone affected, and are doing our best to solve and rectify the situation. https://t.co/E9xrKbdLOy
— Slope (@slope_finance) August 3, 2022
Slope urged all users to create new wallets with different seed phrases and transfer their assets to them.
Phantom project representatives, whose clients were also affected by the breach, said they have reasons to believe that the exploited vulnerability is linked to Slope. They advised users to move assets to new wallets from other providers.
1/ Phantom has reason to believe that the reported exploits are due to complications related to importing accounts to and from @slope_finance.
We are still actively working to identify whether there may have been other vulnerabilities that contributed to this incident. https://t.co/W5B19gbMJX
— Phantom (@phantom) August 3, 2022
Some experts note that Slope may have stored seed phrases on its centralized servers, which attackers could subsequently compromise.
Correction — the Slope wallet did not send seed phrases to external partners, but may have logged them on their own centralized servers. Apologies for getting a bit ahead of myself, postmortem still in progress. Wait for an announcement from the team for true confirmation.
— foobar (@0xfoobar) August 3, 2022
A Slope spokesperson told CoinDesk that the team does not store “any personal data on a centralized server”. However, he later said that this statement was incorrect.
The investigation continues, Solana emphasised.
As a reminder, in early August unknown attackers gained access to the funds of owners of about 8,000 Solana-based wallets and withdrew millions of dollars.