Earlier this week, thousands of crypto wallets connected to the Solana ecosystem were drained by attackers who used owners’ private keys to steal both Solana (SOL) and USD Coin (USDC). Solana now says that after investigation “by developers, ecosystem teams and security auditors”, it linked the attack to accounts associated with the Slope mobile wallet app.
A chart set up on Dune to track the attacks tallies the amount of crypto stolen at just over $4 million, drawn from more than 9,000 unique wallets.
Slope Finance, which calls itself “the easiest way to discover Web3 apps from one secure place,” released a statement advising all Slope users to create “a new and unique departure and transfer all assets to this new portfolio”. The blog post states that “many” wallets belonging to Slope staff were also emptied, but notes that hardware wallets (also known as cold wallets, which are not connected to the internet) were not affected.
This exploit has been isolated to a wallet on Solana, and the hardware wallets used by Slope remain secure.
Although the details of exactly how this happened are still being investigated, information about the private key was inadvertently passed to an application monitoring service. 2/3
— Solana Status (@SolanaStatus) August 3, 2022
Slope did not provide details on how the attack happened, but outside observers found evidence that the company’s mobile apps were transmitting users’ private keys unencrypted as part of their logging and telemetry.
In a tweet, Solana Group said: “The exact details of how this happened are still under investigation, but information about the private key was inadvertently passed to an application monitoring service.” The company added, “There is no evidence that the Solana protocol or its cryptography has been compromised.”
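One defensive control against the failure described above, key material reaching a monitoring service through logging and telemetry, is to scrub every event before it leaves the app. The following is an added illustration in Python, not code from Slope, Solana or the original article; the patterns, the names `scrub` and `SecretScrubFilter`, and the sample values are assumptions made for this example.

```python
import logging
import re

REDACTED = "[REDACTED]"
# Heuristic shapes of wallet key material (assumptions of this example).
# They over-match on purpose: dropping a harmless log line is cheaper
# than shipping a key to a third-party monitoring service.
PATTERNS = [
    re.compile(r"\b(?:[a-z]{3,8} ){11,23}[a-z]{3,8}\b"),    # 12-24 word phrase
    re.compile(r"\b[1-9A-HJ-NP-Za-km-z]{85,88}\b"),         # 64 bytes as base58
    re.compile(r"\[\s*(?:\d{1,3}\s*,\s*){63}\d{1,3}\s*\]"),  # 64-byte JSON array
]
SENSITIVE_KEYS = re.compile(r"mnemonic|seed|secret|private", re.I)

# Constructed sample values, not real key material.
SAMPLE_PHRASE = ("apple river stone cloud mango tiger ocean candle "
                 "piano forest window silver")
SAMPLE_KEY = "ab" * 44


def scrub(value):
    """Return a copy of value with anything key-shaped replaced."""
    if isinstance(value, str):
        for pattern in PATTERNS:
            value = pattern.sub(REDACTED, value)
        return value
    if isinstance(value, dict):
        return {k: REDACTED if SENSITIVE_KEYS.search(str(k)) else scrub(v)
                for k, v in value.items()}
    if isinstance(value, (list, tuple)):
        # A raw 64-integer list is the in-memory form of the JSON array above.
        if len(value) == 64 and all(isinstance(b, int) for b in value):
            return REDACTED
        return [scrub(v) for v in value]
    return value


class SecretScrubFilter(logging.Filter):
    """Attach to every handler so records are scrubbed before they leave."""

    def filter(self, record):
        record.msg = scrub(record.getMessage())  # format first, then scrub
        record.args = None
        return True


if __name__ == "__main__":
    event = {"event": "wallet_import", "mnemonic": SAMPLE_PHRASE,
             "detail": f"imported key={SAMPLE_KEY}"}
    print(scrub(event))
```

Pattern-based scrubbing is a backstop: the stronger control is never passing key material to logging calls at all, and keeping it out of objects that crash reporters serialize.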
Some Solana users holding funds in wallets operated by a third party, Phantom, have also been impacted, but Phantom itself has placed the breach firmly on Slope’s doorstep.
“Phantom has reason to believe that the reported exploits are due to complications with importing accounts to and from @slope_finance,” the company tweeted. “In the meantime, if Phantom users have installed other wallets as well, we recommend trying to move your assets to a new non-Slope wallet with a new seed phrase.”