Slope, a Web3 wallet provider, has been implicated in the Solana-based wallet attack. Following yesterday’s destruction of the Solana ecosystem, information is now emerging that Slope is largely to blame for the security flaw that let attackers steal cryptocurrency from thousands of Solana users.
Slope is a Web3 wallet provider for the Solana layer-1 (L1) blockchain. The affected addresses appear to have previously been created, imported, or used in Slope mobile wallet applications, the Solana Foundation reported on Twitter.
After an investigation by developers, ecosystem teams, and security auditors, it appears affected addresses were at one point created, imported, or used in Slope mobile wallet applications. 1/2— Solana Status (@SolanaStatus) August 3, 2022
Anatoly Yakovenko, a co-founder of Solana, also linked Slope wallets to the hack on his own Twitter account. He advised users to regenerate a seed phrase using any service other than Slope. Additionally, he advised one of the impacted users to “Start practicing the cold/hot wallet separation.”
If you’ve used Slope at all consider those wallets burned.— Laine ❤️ stakewiz.com (@laine_sa_) August 3, 2022
Nothing yet to indicate Phantom itself has had an issue, though it’s interesting that there haven’t been reports of users on Solflare who used their seed on Slope as well, while there’ve been many with Phantom.
Community members reported on August 2 that their Solana-based wallets were being drained of Solana and other tokens. An estimated $8 million in cryptocurrency was stolen from close to 8,000 wallets.
The Solana Foundation’s investigation led it to the conclusion that the private keys for every Solana-based wallet exposed by the exploit were “accidentally transmitted to an application monitoring service” like Slope. The Solana protocol and its cryptography were not at risk from the attack, it was further stated.
There are numerous rumors claiming that Slope may have kept track of user seed words on its centralized servers. The servers may have been taken over, exposing seed phrases that could have been used by hackers to carry out transactions.
Earlier reports on the day of the attack, which claimed that users of Slope and Phantom hot wallets were being targeted, led many people to believe there might be a larger problem with the Solana protocol. Austin Federa, the head of communications for Solana, shared additional analysis that showed the issue only affected hot wallets.
Although 60% of the attack’s victims used Phantom, according to Federa, those who were impacted did not create their seed phrase with Phantom.
A group of Slope wallets, including some belonging to its own staff, were compromised in the breach, according to a statement Slope released on Wednesday regarding the status of its ongoing investigation into the incident.
The Slope team urged users of its wallets to create new, unique seed phrases and transfer all funds to them rather than leaving any money in an older Solana-based wallet that might still be vulnerable in the future. The Phantom team reinforced the warning by advising users to switch to a new non-Slope wallet and move their assets there.