Slope Wallet Blamed for Solana Mayhem – Here’s How to Protect Yourself

Updated by Geraint Price
In Brief
  • The cause of the security breach on Solana’s ecosystem has been identified to be from a wallet provider.
  • The attack drained over $8 million worth of assets from 8,000 wallets.
  • Users have been advised to create new wallets as the team cannot guarantee the safety of the old wallets.
  • promo

    Bnext Launches Its Utility Token on Gate.io Read Now

A postmortem into the recent security exploits on the Solana ecosystem has highlighted Slope as the genesis of the breach, amplifying the calls for a transition to hardware wallets.

Slope, a Web3 wallet service provider for Solana, has been blamed for the loss of funds in the Solana ecosystem. 

“After investigation by developers, ecosystem teams, and security auditors, it appears affected addresses were at one point created, imported, or used in Slope mobile wallet application,” read a tweet from Solana Status.

Slope’s team conceded that a “cohort of Slope wallets were compromised in the breach” and both staff and founders’ wallets were drained in the attack. The team confirmed that it is carrying out an internal investigation and a comprehensive security audit in conjunction with blockchain security outfits.

The attack began on Aug 2 with widespread reports of users losing their SOL tokens from their wallets. 24 hours later, $8 million worth of SOL had been pilfered by the attacker from almost 8,000 wallets.

Solana remains safe

Contrary to the early reports, the new data suggests that Solana’s cryptography was not compromised. An investigation into the exploit by the Solana foundation revealed that private keys for Slope wallets were “inadvertently transmitted to an application monitoring service.”

Another hypothesis for the attack was that Slope stored the seed phrases of addresses on a central server, making the attack a straightforward application. The attack left SOL trading at $39.36, a far cry from its seven-day high of $46.48.

Users advised to discard their Slope wallets

In the statement, the wallet providers advised users to create new non-Slope seed phrase wallets without using the same seed phrase in previous wallets. “If you’ve used Slope at all, consider those wallets burned,” said one security expert.

The breach has amplified the call for investors to explore the possibility of hardware wallets. Slope confirmed that hardware wallets were not compromised in any way, while Anatoly Yakovenko, Solana’s founder, advised users to adopt “cold/hot wallet separation.”

Reports indicate that the attacker was also draining both Phantom wallets. Austin Federa, Solana’s head of communication, disclosed that data obtained showed that the team could not find a single Phantom-forever user that lost their holdings, making a case for the use of cold wallets.

Disclaimer

All the information contained on our website is published in good faith and for general information purposes only. Any action the reader takes upon the information found on our website is strictly at their own risk.