Solana wallet breach investigation: Slope wallet leaked sensitive information, no vulnerabilities in the mainnet

On 8/3, users of two wallets on the smart contract public chain Solana, Phantom and Slope, had assets stolen. Solana officials stated that the investigation revealed Slope wallet was responsible. The Slope team responded, "We can feel the pain of the community because we have also been hacked."

Solana Official Investigation: Private Keys Compromised

The Solana team released an investigation report on the morning of the 4th, stating that the compromised addresses had all been created, imported, or used in the Slope mobile app. However, hardware wallets that had interacted with Slope were not affected.

The team mentioned that details are still under investigation, but it appears that user private keys were inadvertently transferred to monitoring applications. The Solana mainnet and its encryption mechanisms were not compromised in the attack.

Slope Response: We Were Hacked Too

On the same day, the Slope wallet team, suspected to be the source of the issue, stated that a set of Slope wallets were breached, although the exact cause has not been determined. They expressed empathy for the community's pain as they themselves were not spared, with the team and founders' wallets also being compromised.

Slope recommended that users create new wallets and transfer their funds into them.

Community Discussions

Solana's delayed response to the situation on the evening of the 3rd sparked discussions among prominent Twitter personalities. Cobie asked, "Is there a post-mortem report on Solana wallets now?" 0xHamZ remarked that the post-mortem was simply "Don't use Solana." FatMan, a key crypto influencer during the LUNA incident, initially commented, "They are still clarifying whether Slope or Phantom accidentally leaked critical data." On the 4th, FatMan stated that Slope's servers had the ability to obtain mnemonic phrases in plaintext during wallet generation, but external integrations did not receive this information. A detailed report is still pending.

Solana Coin Price Unaffected

Despite the serious security incident in the Solana ecosystem, the price of SOL remained relatively stable: after a day of turbulence, it showed minimal deviation from its level before the incident.