The large-scale Solana wallet hack, which began on Tuesday evening, is believed to be linked to the Slope mobile wallet app.
The Solana developers believe that the private key details of the affected wallets were “inadvertently transferred” to a third party.
Thousands of Solana users collectively lost about $4.5 million in SOL and other tokens from Tuesday night through early Wednesday, and there is now a likely explanation: the losses are blamed on a private key exploit related to the mobile software wallet Slope.
Wednesday afternoon, the official Solana Status Twitter account shared preliminary findings from a collaboration between developers and security auditors, and said that “it appears that the affected addresses were at some point created, imported, or used in the Slope mobile wallet apps.”
“This exploit has been isolated to a wallet on Solana, and the hardware wallets used by Slope remain secure,” the thread continues. “While the details of exactly how this happened are still being investigated, information about the private key was inadvertently passed to an application monitoring service.”
“There is no evidence that the Solana protocol or its cryptography has been compromised,” the account added.
Some Phantom wallets were also emptied of their SOL and tokens during the attack, but it appears that the holders of these wallets had already interacted with a Slope wallet. “Phantom has reason to believe that the reported exploits are due to complications with importing accounts to and from Slope,” the Phantom team tweeted today.
Slope issued its own statement just before the Solana Status thread. It acknowledges that Slope wallets were included in the hack, but does not specifically detail what happened, and the company has not taken responsibility for the attacks.
“We have some assumptions as to the nature of the breach, but nothing is firm yet,” it read in part. “We feel the pain of the community and we were not immune. Many of our own staff and founder portfolios have been depleted.
“We are still actively diagnosing and are committed to posting a full post-mortem, earning your trust, and making this as fair as possible,” Slope’s team wrote.
According to blockchain explorer Solscan, it has been more than five hours since any of the four attacking wallets drained cryptocurrency or tokens from a vulnerable wallet. In total, the attackers took around $4.46 million in crypto from what the Solana Status account said was around 8,000 unique wallets.
The attack started Tuesday evening, and many Solana users and platforms initially suspected that the wallets were being emptied via permissions previously granted to a smart contract. However, the transactions were signed by the wallets in question, suggesting compromised private keys.
Slope recommends that its users create a new wallet with a completely new seed phrase and transfer their funds to it. Hardware wallets were not affected by the hack and are also recommended for securing assets while the exploit may still be ongoing.