Following the Solana attack that began on August 2, details have emerged linking third-party Web3 wallet provider Slope to the attack.
Over 8,000 Solana hot wallets were attacked and approximately $8 million worth of crypto assets were stolen. At the start of the attack, Solana advised its users to switch to a hardware wallet, although it was too late as users had already lost funds.
Today, Solana has updated its community Twitter After discovering that the affected addresses were part of Slope Wallet, which is a Web3 wallet.
Solana’s tweet said:
“After investigation by developers, ecosystem teams, and security auditors, it appears that the affected addresses were at one point created, imported, or used in Slope mobile wallet applications.”
Slope has a web-based crypto wallet, a mobile app, and a browser extension. It is integrated with Solana Pay and it allows users to send and receive tokens on the Solana network.
What we know so far about the Solana attack
Solana said the details of what exactly happened are still unclear, although there is evidence that “Slope Wallet was logging or transmitting user memory and private keys.”
While it is not certain if this is an exploit, it has now been confirmed that Slope Wallet was logging or transmitting user memory and private keys. See screenshot in this tweet showing what appears to be the private key and a network request https://t.co/oBkfrHP9I7
— line ️ stackwiz.com (@laine_sa_) 3 August 2022
Nevertheless, Solana has stated that there is no evidence that the Solana protocol or its cryptography was compromised during the attack.
Following the revelation of the link to Slope’s attack, Solana co-founder, Anatoly Yakovenko tweeted advising Slope users to create their seed phrase in a separate wallet as soon as possible. The CEO of Binance, Changpeng Zhao, echoed Anatoly’s advice, saying that users can use Binance.
If you have used a Slope wallet (for SOL) in the past, move your funds to a different wallet ASAP. Do not “import” the old wallet. Use a new private key or seed phrase. If you don’t know the meaning of those words, send your SOL here @binance, easy way. https://t.co/t1lYcgaX5z
— CZ Binance (@cz_binance) 3 August 2022
On its part, Slope issued a letter to its customers explaining the hypothesis of the attack and that it was yet to confirm anything. In the letter, Slope notes:
“We feel the pain of the community, and we were not immune. Many of our own employees and founders had run out of wallets.”
The details of what exactly happened are still muddled as Solana and Slope wallet users are advised to exercise caution.
Solana Network’s native token SOL has seen a drop in price and is down by more than 10% over the past two days. At the time of writing, Solana was trading at $38.86.