- A bug in Slope wallets is believed to be behind the recent theft from Solana wallets.
- Nearly $6 million was stolen from 9,000 addresses.
- The teams are continuing their investigation and will release a full report later.
The recent attack on Solana wallets, where 9,000 addresses were drained of nearly $6 million, was attributed to compromised private keys on Slope mobile wallet apps. An initial investigation by the teams says the private key details of the compromised wallets were inadvertently transferred to a third party.
After developers, ecosystem teams, and security auditors began investigating the attack, they noticed that the affected addresses were at some point created, imported, or used in Slope mobile wallet applications. They also noted that the exploit was isolated to one wallet in Solana, and the hardware wallets used by Slope remain secure.
While Slope continues its investigation, it has asked all Slope users to create a new and unique seed phrase wallet and transfer all their assets there. Hardware wallet users remain secure and do not need to worry about their keys. The team will release a full post-mortem later.
Four attackers who attacked around 9,000 unique wallets have been identified. So far, everyone investigating has said there doesn’t appear to be a bug in the Solana code. It is the software used by popular wallet providers that appears to be vulnerable.
Solana Labs co-founder Anatoly Yakovenko said the attack looked like “an attack on the iOS supply chain,” though he later noted that Android users appear to be affected as well. He also concluded that it was probably a Slope-specific bug.
Hacks continue in the crypto space
2022 saw no shortage of hacks in the crypto market, and the number of reported incidents seems to be increasing day by day. A recently published SlowMist report stated that crypto hacks have stolen over $1 billion from DeFi alone in 2022.
Digital artist Beeple’s Twitter account was also recently hacked, with hackers managing to steal $400,000 worth of crypto funds by posting phishing links. Phishing has become a popular means of attack among bad actors this year.
Some of these attacks have been attributed to the North Korean-linked Lazarus group. This group is believed to be behind the $100 million Harmony Protocol Horizon Bridge hack, among many other such hacks.