Over the past few days, Solana users have been attacked, with millions of dollars' worth of cryptocurrency stolen by unknown bad actors. Wallets are still being drained, albeit at a slower rate.
Solana's security team has spent that time searching for the point of compromise, and the likely culprit now appears to have been found.
Although the attack targeted Solana users, Solana itself does not appear to be at fault; the blame instead lies with a third-party wallet provider, Slope.
Slope hardware wallets included
However, the Solana developers strongly recommend that all Slope users create a new seed phrase, regardless of the type of wallet they were using.
“Create a new and unique seed phrase wallet and transfer all assets to this new wallet. Again, we don’t recommend using the same phrase on this new wallet that you had on Slope. If you use a hardware wallet, your keys have not been compromised.
We are still actively diagnosing and are committed to publishing a full post-mortem, earning your trust and getting it as right as we can.”
Red Herrings – Sorry, Phantoms
While the investigation into the breach was still ongoing, it was initially thought that the issue was more widespread, as Phantom wallets were also being drained. However, it quickly became apparent that the exploited Phantom wallets had not, in fact, been Phantom-only wallets.
“If you’ve used Slope at all, consider those wallets burned. Nothing yet indicates that Phantom itself has had a problem, although interestingly there have been no reports of users on Solflare using their seed on Slope, while there have been many with Phantom.”
In fact, the drained Phantom wallets had also been used with Slope, as Austin Federa, head of communications at Solana, confirmed.
Over the past 24 hours, developers, security companies, and individual contributors from across Solana, Ethereum, and cross-chain wallets have come together to investigate what initially appeared to be a massive supply chain hack affecting Solana and Ethereum.
— Austin Federa | sms (@Austin_Federa) August 3, 2022
This statement was later confirmed by the Phantom developers, who also advised Phantom users who had created their wallets with Slope to move their funds to a non-Slope wallet.
Seed phrases allegedly stored server-side
As the investigation continues, reports are also coming in that the compromise of Slope-derived wallets did not stem from a flaw in the Solana network or from a coding bug in Slope's wallet logic; rather, it was allegedly due to Slope logging users' seed phrases to its own servers.
Correction – Slope wallet did not send seed phrases to external partners, but may have recorded them on their own central servers. I apologize for being a little early, the post-mortem is still in progress. Wait for an announcement from the team for real confirmation.
— foobar (@0xfoobar) August 3, 2022
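The failure mode described above, seed phrases reaching a central log through the app's own telemetry, is easy to reproduce in code. The block below is an added illustration written for this article; it is not Slope's code, and the event shape, field names and sample phrase are constructed (the 12-word phrase is the standard BIP-39 test vector, not a real wallet). It shows the leaky pattern and a scrubber that redacts secrets by key name, by value shape and by substring before anything is serialized for a remote logger.

```javascript
// Added illustrative example (not Slope's code): a wallet's telemetry path that
// ships a seed phrase to a remote log, beside a scrubber that redacts secrets
// before serialization. Field names, event shape and the sample phrase are
// constructed for this example; the 12-word phrase is the BIP-39 test vector.

// Keys whose values must never leave the device (assumed list; extend per app).
const SENSITIVE_KEYS = new Set([
  "mnemonic", "seed", "seedphrase", "passphrase", "privatekey", "secretkey",
]);

// BIP-39 phrases are 12 to 24 words, each a lowercase word of 3 to 8 letters.
const MNEMONIC_WORD_COUNTS = new Set([12, 15, 18, 21, 24]);
// Any run of 12 to 24 such words inside free text (e.g. an error message).
const MNEMONIC_RUN = /\b(?:[a-z]{3,8}\s+){11,23}[a-z]{3,8}\b/g;

// seed_phrase, privateKey -> seedphrase, privatekey
function normalizeKey(key) {
  return key.toLowerCase().replace(/[^a-z]/g, "");
}

// True when the whole string has the shape of a BIP-39 phrase.
function looksLikeMnemonic(value) {
  if (typeof value !== "string") return false;
  const words = value.trim().split(/\s+/);
  return MNEMONIC_WORD_COUNTS.has(words.length) &&
    words.every((w) => /^[a-z]{3,8}$/.test(w));
}

// Vulnerable pattern: the whole import event, secrets included, is serialized
// and handed to the remote logger as-is.
function buildTelemetryEventUnsafe(event) {
  return JSON.stringify({ level: "info", ...event });
}

// Hardened pattern: walk the payload and redact by key name, by value shape
// (a bare phrase or an array of its words) and by substring (a phrase pasted
// into a free-text message).
function scrub(value, key = "") {
  if (SENSITIVE_KEYS.has(normalizeKey(key))) return "[REDACTED]";
  if (typeof value === "string") {
    if (looksLikeMnemonic(value)) return "[REDACTED]";
    return value.replace(MNEMONIC_RUN, "[REDACTED]");
  }
  if (Array.isArray(value)) {
    if (value.every((v) => typeof v === "string") &&
        looksLikeMnemonic(value.join(" "))) {
      return "[REDACTED]";
    }
    return value.map((v) => scrub(v));
  }
  if (value && typeof value === "object") {
    const out = {};
    for (const [k, v] of Object.entries(value)) out[k] = scrub(v, k);
    return out;
  }
  return value;
}

function buildTelemetryEventSafe(event) {
  return JSON.stringify(scrub({ level: "info", ...event }));
}

// Constructed sample: a wallet-import event as an app might log it, with the
// phrase present in three different shapes.
const SAMPLE_PHRASE =
  "abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon about";
const SAMPLE_EVENT = {
  ts: 1659500000,
  action: "import_wallet",
  mnemonic: SAMPLE_PHRASE,
  privateKey: [1, 2, 3],
  context: {
    words: SAMPLE_PHRASE.split(" "),
    message: `import failed after user pasted: ${SAMPLE_PHRASE}`,
  },
};

console.log(buildTelemetryEventUnsafe(SAMPLE_EVENT)); // leaks the phrase
console.log(buildTelemetryEventSafe(SAMPLE_EVENT));   // every copy redacted
```

The scrubber errs on the side of redaction: a long run of short lowercase words in ordinary prose will also be blanked, which is the right failure direction for a logging pipeline. It is defence in depth, not a substitute for the real fix, which is to keep key material out of any object that is ever handed to a logger, crash reporter or analytics SDK in the first place.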
This apparent mishandling of key material is believed to have resulted in around 9,000 wallets being drained of multiple cryptocurrencies, with the largest amounts in SOL and USDC.
The investigation is still ongoing, and post-mortems will be published by all parties involved once the exact attack methods are determined.