Solana, one of the more popular DeFi ecosystems, is reeling from a hack that saw at least $8 million drained from 8,000 wallets connected to the network.
Solana’s Head of Communications, Austin Fedora, indicated that 60% of the drained wallets were Phantom Wallets, while 40% were from a wallet service known as
In a statement on Twitter, Solana said:
“After an investigation by developers, ecosystem teams, and security auditors, it appears affected addresses were at one point created, imported, or used in Slope mobile wallet applications.”
They added that the hack was isolated to Slope and that ‘private key information was inadvertently transmitted to an application monitoring service.’ They also absolved the Solana network of blame saying ‘there is no evidence the Solana protocol or its cryptography was compromised.’
SEE ALSOPolygon Launches zkEVM and Promises Drastically Improved Costs and Speed on Ethereum
Otter, a blockchain auditing firm, found that the Slope app sent users seed phrases to a centralized server, and these seed phrases were saved in readable text, not encrypted, and so someone with access to the server could get access to private keys belonging to users.
As a result, Solana Founder and CEO, Anatoly Yakovenko, asked users to move their assets to a different wallet:
If you have ever imported a seed phrase into slope, consider it compromized. Move all the assets to a new non slope wallet. Even if the attack didn't claim those tokens yet, the phrase is leaked. Just a matter of time https://t.co/pCBx8jRwcO
— SMS aey.sol, ???? (@aeyakovenko) August 3, 2022
Slope, on its part, asked users ‘to create a new and unique seed phrase wallet, and transfer all assets to this new wallet, urging users to avoid using the same seed phrase on this new wallet that you had on Slope.’
Phantom wallet users were also affected but only those who had either connected to a 3rd-party service like Slope.
We spun up a Typeform to collect data and the results were clear – of those drained ~60% were Phantom users and 40% Slope users. But after extensive interviews and requests to the community, we couldn't find a single Phantom-forever user who had their wallet drained
— Austin Federa | sms (@Austin_Federa) August 3, 2022
Slope also said it had ‘hypotheses’ as to the nature of the breach but nothing confirmed, saying that even its staff and founders were affected by the hack.
Hardware wallets were not affected by the hack.
RECOMMENDED READINGSolana Shipping Android Smartphones in 2023 to Spur Mobile Blockchain Ecosystem
