Following the Solana attack that began on August 2, details have emerged linking a third-party Web3 wallet provider Slope to the attack.
More than 8,000 Solana hot wallets were attacked and approximately $8 million worth of crypto assets were stolen. At the start of the attack, Solana advised its users to switch to hardware wallets, although it was too late as users had already lost money.
Today Solana updated its community via Twitter after we discovered that the affected addresses were part of Slope Wallet, a Web3 wallet.
Solana’s tweet stated:
“After investigation by developers, ecosystem teams and security auditors, it appears that the affected addresses were once created, imported or used in Slope mobile wallet applications.”
slope has a web-based crypto wallet, a mobile app, and a browser extension. It is integrated with Solana Pay and allows users to send and receive tokens on the Solana network.
What we know so far about the Solana attack
Solana has stated that the details of what actually happened are still unclear, although there are indications that “Slope Wallet was logging or sending reminders and private keys from users.”
While it is not certain that this is the exploit, it now appears to have been confirmed that the Slope wallet was logging or sending users’ mnemonics and private keys. See screenshot in this tweet with private key and mnemonic in what appears to be a network request https://t.co/oBkfrHP9I7
— Laine ❤️ stakewiz.com (@laine_sa_) August 3, 2022
Nevertheless, Solana has said there is no evidence that the Solana protocol or its cryptography was compromised during the attack.
After revealing Slope’s link to the attack, Solana co-founder Anatoly Yakovenko tweeted advising Slope users to generate their seed phrase in another wallet as soon as possible. Binance CEO, Changpeng Zhao, echoed Anatoly’s advice, adding that users could use Binance.
If you have used a Slope wallet (for SOL) in the past, please move your money to another wallet as soon as possible. Do not “import” the old wallet. Use a new private key or seed phrase. If you don’t know what those words mean, send your SOL to @binance. The easy way. https://t.co/t1lYcgaX5z
— CZ 🔶 Binance (@cz_binance) August 3, 2022
For his part, Slope issued a letter explaining to his clients the hypothesis of the attack and stating that it could not confirm anything yet. In the letter, Slope notes:
“We feel the pain of the community and we were not immune. Many of our own employees and the wallets of our founders had been robbed.”
Details of what actually happened are still trickling in as Solana and Slope Wallet users are advised to exercise caution.
The price of SOL, the native token of the Solana network, has taken a hit, falling more than 10% in the past two days. At the time of writing, Solana was trading at $38.86.