Solana Team Links Exploit to Imported Slope Finance Wallets
The Solana exploit, which affected thousands of users, appears to have originated with Slope Finance. Wallet owners are advised to transfer funds from Slope imported wallets as soon as possible.
Slope Wallets Blamed for Solana Exploit
After Wednesday’s Solana ecosystem upheaval, new information has emerged indicating that the wallet provider Slope was primarily accountable for the security exploit that managed to steal crypto from thousands of users.
The investigation was carried out by developers, ecosystem teams, and security auditors, according to the group, which goes by the handle “@SolanaStatus,” on Twitter.
Slope is a Web3 wallet service provider for the Solana L1 blockchain. The Solana Foundation pointed the finger at Slope on Wednesday, stating that “it appears affected addresses were created, imported, or used in Slope mobile wallet applications.”
Anatoly Yakovenko, the co-founder of Solana, also connected Slope wallets to the exploit in his personal Twitter account. He advised that users regenerate a seed phrase from a service other than Slope as soon as possible. He also suggested an affected user “start practicing cold/hot wallet separation.”
The Solana-based wallet exploits first appeared on Tuesday, after community members began reporting that their cryptocurrency wallets were being drained of Solana (SOL) and other tokens. It is estimated that approximately $8 million worth of cryptoassets had been stolen from close to 8,000 wallets.
Seed Phrases Purportedly Stored in Centralized Servers
The Solana Foundation’s investigation revealed that the private keys for each of the wallets compromised by the exploit were “inadvertently transmitted to an application monitoring service” like Slope. It went on to say that there was no evidence that the Solana protocol or its cryptography was subject to the attack.
According to some reports, Slope may have logged user seed phrases on its centralized servers. The servers could have been compromised, and seed phrases leaked, which a hacker could use to conduct transactions.
Earlier reports of the day’s attack stated that users of the Slope and Phantom hot wallets had been targeted, leading many to believe there was a greater issue with the Solana protocol. However, according to a subsequent analysis shared by Solana’s head of communications, Austin Fedora, the problem was limited to only hot wallets.
Fedora stated that while 60% of the victims were Phantom users, those affected did not generate their seed phrase with Phantom.
Slope issued its own statement on Wednesday, just before the Solana Status thread. It acknowledges that Slope wallets were compromised but did not go into detail about what happened, nor has the company accepted responsibility for the attacks.
We have some hypotheses as to the nature of the breach, but nothing is yet firm. We feel the community’s pain, and we were not immune. Many of our own staff and founders’ wallets were drained.
The team urged Slope wallet users to generate a new unique seed phrase and move all funds to it rather than leaving any funds on old wallets that could still be exploited later. The Phantom team issued an additional warning, advising users to move their assets to a non-Slope wallet.