1880 S Dairy Ashford Rd, Suite 650, Houston, TX 77077

More Than 9,000 Solana Users Saw Their Wallets Drained In Slope Wallet Hack

Earlier this month over 9,000 Solana users saw their crypto wallets drained after a wide-scale attack targeted Slope, a popular Solana wallet. Hackers were able to access the crypto account private keys, which enabled them to take full control over the Solana wallet accounts and siphon off the Solana SOL, USDC, USDT, and other crypto token balances. In some instances the hackers stole valuable NFTs.

Solana is one of the largest cryptocurrencies, with a market capitalization of over $20 billion. Attackers transferred victims’ funds to four unique Solana wallet addresses. In total, the wallet hack amounted to over $6 million in crypto assets stolen.

The attack unfolded quickly, causing widespread panic and uncertainty. Initial reports among the Solana community noted that the hack was isolated to Slope’s mobile app. The wallet’s mobile app exposed users’ sensitive account information to Slope’s backend servers. Many Solana users were shocked that Slope’s wallet exposed their private keys in clear text to Slope employees and third parties. Non-custodial crypto wallets should never transmit or expose users’ private keys. It is not clear why this security lapse occurred at Slope.

The Solana Foundation quickly created a team to identify and resolve the issue once it was discovered. The team worked with various security researchers, wallet hack victims, and wallet providers to identify the source of the hack. Within 24 hours it was determined that Slope wallet was the cause.

“We are working together with our auditing partners and the Solana foundation to uncover any potential additional attack vectors. Relevant law enforcement agencies have been informed in order to proceed with criminal investigations against the attackers,” tweeted Slope.

“I would advise anyone that touched slope to regenerate their seed phrase in a different wallet asap,” tweeted Solana Labs Co-Founder Anatoly Yakovenko.

“After an investigation by developers, ecosystem teams, and security auditors, it appears affected addresses were at one point created, imported, or used in Slope mobile wallet applications,” stated the SolanaStatus Twitter account. 

Slope released an official statement that acknowledges its fault for the hacking incident. Slope is currently working with law enforcement and crypto exchanges to identify the hackers. Also, Slope requested that the hackers return 90% of victims’ funds. Thus far the hackers have not yet been identified, nor have any funds been returned.

Hackers will have a difficult time accessing the funds because authorities are monitoring the hackers’ Solana wallet addresses. The hackers’ wallet addresses were created with funds originating at Binance half a year ago. This digital trail may lead to the hackers’ identities, since Binance is a wallet custodian that tracks users’ identities.

Other popular Solana wallets such as Phantom, Sollet, Glow, Avana Wallet, and Solflare all reported no security leaks. Users of these wallets who had their accounts hacked had at some point used the same account in a Slope wallet, which ultimately ended up exposing their private keys to third parties.