Earlier this week, thousands of crypto wallets connected to the Solana ecosystem were drained by attackers who used owners’ private keys to steal both Solana (SOL) and USD Coin (USDC). Solana now says that, after an investigation “by developers, ecosystem teams, and security auditors,” it’s linked the attack to accounts tied to the Slope mobile wallet app.
A chart set up on Dune to track the attacks tallies the amount of crypto stolen at just over $4 million, taken from over 9,000 unique wallets.
Slope Finance, which calls itself “the easiest way to discover web3 applications from one secure place,” has issued a statement advising all Slope users to create “a new and unique seed phrase wallet, and transfer all assets to this new wallet.” The blog post says “many” wallets belonging to Slope staff were also drained but notes that hardware wallets (also known as cold wallets, which are not connected to the internet) were unaffected.
Slope did not provide details of how the attack happened, but outsiders have uncovered evidence that the company’s mobile apps were transmitting users’ private keys unencrypted as part of their logging and telemetry.
In a tweet, the Solana group said, “The details of exactly how this occurred are still under investigation, but private key information was inadvertently transmitted to an application monitoring service.” The company added: “There is no evidence the Solana protocol or its cryptography was compromised.”
Some Solana users keeping funds on wallets operated by third-party Phantom were also affected, but Phantom itself has placed blame for the breach firmly at Slope’s doorstep.
“Phantom has reason to believe that the reported exploits are due to complications related to importing accounts to and from @slope_finance,” the company tweeted. “In the meantime, if any Phantom users have also installed other wallets, we recommend you try to move your assets to a new non-Slope wallet with a fresh seed phrase.”