Solana, one of the largest cryptocurrencies by market capitalization, suffered a widespread attack targeting over 8,000 of its users’ wallets last week. The hack first was noticed last Tuesday after the Solana community began reporting that their crypto wallets were being drained of their Solana (SOL), USDC,NFTs, and other tokens. Security firm PeckShield estimates that roughly $8 million in crypto was stolen.

Initial victims reported that their Phantom, Slope, and TrustWallet crypto wallets had been targeted. Some affected users claimed that they haven’t interacted with their Solana wallet in more than 40 days. The lack of recent activity indicated that the attacker had access to the cryptography private keys that are required to make changes to the user funds.

Through its investigation, the Solana Foundation determined that the private keys for each of the wallets compromised in the exploit were “inadvertently transmitted to an application monitoring service” by Slope. 

“After an investigation by developers, ecosystem teams, and security auditors, it appears affected addresses were at one point created, imported, or used in Slope mobile wallet applications,” the official SolanaStatus Twitter account said. It added that there was no evidence to suggest the Solana protocol or its cryptography was at risk from the attack.

Slope’s software wallet sent sensitive user information to its private servers. Someone with access to the private servers then used that information to hack the Solana wallet accounts. Slope is a Web3 wallet provider for the Solana blockchain. At this moment the attacker still has not yet been identified. Law enforcement is working with Slope to investigate the issue.

Early reports suggested that the attack affected multiple Solana wallets including Phantom and Slope.  Many people speculated that the attack could indicate a broader problem with the Solana network or underlying cryptography technology that protects the blockchain. However, a further analysis shared by Solana’s head of communications Austin Fedora found that the problem was isolated to Slope wallets. Users who reported other wallets being affected had at some point used Slope wallet too. Phantom and TrustWallet had not been hacked.

Slope issued a statement addressing the status of its ongoing investigation into the incident on Wednesday, confirming that “A cohort of Slope wallets were compromised in the breach,” including some belonging to its own staff. The Slope team urged users to generate a new unique seed phrase and transfer all funds to it rather than keeping any funds on old wallets which could still be exploited later on.