After the Solana attack that started on August 2, details have emerged linking a third-party Web3 wallet provider Slope to the attack.
More than 8,000 Solana hot wallets were attacked and approximately $8 million worth of crypto assets were stolen. At the onset of the attack, Solana advised its users to switch to hardware wallets although it was too late since users had already lost funds.
Today, Solana has updated its community via Twitter after discovering that the affected addresses were part of Slope Wallet, which is a Web3 wallet.
The tweet by Solana stated:
“After an investigation by developers, ecosystem teams, and security auditors, it appears affected addresses were at one point created, imported, or used in Slope mobile wallet applications.”
slope has a web-based crypto wallet, a mobile app, and a browser extension. It is integrated with Solana Pay and it allows users to send and receive tokens on the Solana network.
What we know about the Solana attack so far
Solana has stated that the details of what really transpired are still unclear although there is evidence that “Slope wallet was logging or transmitting user mnemonics and private keys.”
While not certain that this is the exploit, it appears to now be confirmed that Slope wallet was logging or transmitting user mnemonics and private keys. See screenshot in this tweet showing private key and mnemonic in what appears to be a network request
— Laine ❤️ stakewiz.com (@laine_sa_) August 3, 2022
Nevertheless, Solana has said that there is no evidence that the Solana Protocol or its cryptography was compromised during the attack.
After the revelation of Slope’s link to the attack, Solana co-founder, Anatoly Yakovenko tweeted advising Slope users to generate their seed phrase in a different wallet as soon as possible. Binance CEO, Changpeng Zhao, echoed Anatoly’s advice adding that users could use Binance.
If you used a Slope wallet (for SOL) in the past, move your funds to a different wallet ASAP. Do not “import” the old wallet. Use a new private key or seed phrase. If you don’t know those words mean, send your SOL to @binance. The easy way.
— CZ ? Binance (@cz_binance) August 3, 2022
On its part, Slope issued a letter explaining to its customers the hypothesis of the attack and stating that it could not confirm anything yet. In the letter, Slope notes:
“We feel the community’s pain, and we were not immune. Many of our own staff and founders’ wallets were drained.”
Details of what really happened are still trickling in as Solana and Slope Wallet users are advised to take caution.
The price of SOL, the native token of the Solana network has taken a hit and has dipped by over 10% over the last two days. At the time of writing, Solana was trading at $38.86.