Solana says hackers exploited Slope wallets during the $7 million theft

As per the investigation, hackers exploited the Slope mobile wallet applications by inadvertently transmitting private keys to an application monitoring service.
Solana added that there’s no evidence of any compromise in the network protocol or its cryptography.

On Tuesday, August 2, blockchain platform Solana reported a major theft with thousands of SOL tokens stolen from crypto wallets. Earlier, it was suspected that over 8000 Phantom wallets had been compromised. However, further investigation revealed that Slope’s mobile wallet applications were the victims of the hack.

Slope is a Web 3 wallet provider for the Solana Layer 1 blockchain network. During its investigation, the Solana Foundation found that the attackers compromised the private keys for each wallet in the exploit. It also adds that the attackers “inadvertently transmitted” the private keys to an “application monitoring service” such as Slope.

In its latest update, Solana has said that there’s no evidence of any compromise in the network protocol or its cryptography. Solana said:

After an investigation by developers, ecosystem teams, and security auditors, it appears affected addresses were at one point created, imported, or used in Slope mobile wallet applications. This exploit was isolated to one wallet on Solana, and hardware wallets used by Slope remain secure.

While the details of exactly how this occurred are still under investigation, but private key information was inadvertently transmitted to an application monitoring service.

Anatoly Yakovenko, co-founder of Solana also linked Slope wallet to the hack. He also requested users to regenerate their seed phase in a different wallet other than Slope. Furthermore, Yakovenko told the affected user to “Start practicing the cold/hot wallet separation”.

As per the rough estimates, the hackers have stolen more than $8 million worth of SOL tokens from across 8000 wallets.

How attackers breached Slope wallets?

While the exact details and the conduct of the hack aren’t available, some experts have highlighted the possibilities of the event. As per reports, Slope may have logged some user seed phrases on its centralized servers.

The attackers could have exploited these seed phrases by getting access to the Slope servers and using them for further transactions. Earlier, as the attackers started draining money from Slope and Phantom wallets, many believed it to be a Solana protocol issue.

But Solana’s head of communications Austin Fedora later revealed that the problem was isolated to hot wallets. He noted:

We spun up a Typeform to collect data and the results were clear – of those drained ~60% were Phantom users and 40% Slope users. But after extensive interviews and requests to the community, we couldn’t find a single Phantom-forever user who had their wallet drained. There’s a lot more to go into about the actual vulnerability, but work is still ongoing at this point.

Slope has also acknowledged the problem. It has urged wallet users to generate a new unique seed phrase and transfer all funds to it instead of keeping it in the old wallet.

See below for our official statement on the breach situation (now posted to our Medium).

We empathize with everyone affected, and are doing our best to solve and rectify the situation.

— Slope (@slope_finance) August 3, 2022

Der Beitrag Solana says hackers exploited Slope wallets during the $7 million theft erschien zuerst auf Crypto News Flash.

Related Posts

Time to Buy Dogecoin? DOGE Price up 8% as Alternatives like Tamadoge also Rocket

Dogecoin closed out the week strong with an 8% pump on Sunday August 14th, up around 14% in total on its weekly candle. Heading into the latter…

Bitcoin Miners Continue Distribution, Bad Sign For The Rally?

On-chain shows Bitcoin miners have been in a phase of distribution recently, a sign that could prove to be bearish for the price of the crypto. Bitcoin…

Weekly NFT Sales Show Improvement, Fantom and Immutable X NFT Volume Spikes

Non-fungible token (NFT) sales managed to climb higher during the last seven days than the previous week’s overall sales. This week’s NFT sales managed to jump over…

How Metaverse Real Estate is sinking!

The previous year, a huge flood of cash from tech fans and corporate marketers provoked real estate rates in the metaverse. Alt-coin holders and CryptoPunk NFT collectors…

Why Anonymous Twitter user is transmitting crypto to idols

Let’s see what senior crypto reporter Anita Ramaswamy thinks: Tornado Cash has been the conversation of the city this week in crypto cycles. The U.S. administration’s Office of…

NFT Naruto Museum signs agreement with Michael Jackson Estate

More than a decade after his death, Michael Jackson’s fame lives on with posthumous albums, Broadway shows, and continued cultural relevance. After dominating the fabric world, it…

Generated by Feedzy