Solana Hack Blamed on Slope Mobile Wallet Exploit

In brief

  • The large-scale Solana wallet hack, which started on Tuesday night, is believed to be tied to the Slope mobile wallet app.
  • Solana’s developers believe that private key details for affected wallets were “inadvertently transferred” to a third party.

Thousands of Solana users collectively lost about $4.5 million worth of SOL and other tokens from Tuesday night into early Wednesday, and now there’s a likely explanation for why: it’s being blamed on a private key exploit tied to mobile software wallet Slope.

On Wednesday afternoon, the official Solana Status Twitter account shared preliminary findings through collaboration between developers and security auditors, and said that “it appears affected addresses were at one point created, imported, or used in Slope mobile wallet applications.”

“This exploit was isolated to one wallet on Solana, and hardware wallets used by Slope remain secure,” the thread continues. “While the details of exactly how this occurred are still under investigation, but private key information was inadvertently transmitted to an application monitoring service.”

“There is no evidence the Solana protocol or its cryptography was compromised,” the account added.

Some Phantom wallets were also drained of their SOL and tokens in the attack, however it appears that those wallets’ holders had previously interacted with a Slope wallet. “Phantom has reason to believe that the reported exploits are due to complications related to importing accounts to and from Slope,” the Phantom team tweeted today.

Slope released its own statement just before the Solana Status thread. It acknowledges that Slope wallets were included in the hack, but does not specifically detail what happened, nor has the firm taken responsibility for the attacks.

“We have some hypotheses as to the nature of the breach, but nothing is yet firm,” it reads in part. “We feel the community’s pain, and we were not immune. Many of our own staff and founders’ wallets were drained.”

“We are still actively diagnosing, and are committed to publishing a full postmortem, earning back your trust, and making this as right as we can,” Slope’s team wrote.

According to blockchain explorer Solscan, it’s been more than five hours since one of the four attacking wallets drained cryptocurrency or tokens from any susceptible wallet. All told, the attackers took an estimated $4.46 million worth of crypto from what the Solana Status account said were about 8,000 unique wallets.

The attack started on Tuesday night, and many Solana users and platforms initially suspected that wallets were being exploited through previously granted permissions to a smart contract. However, the transactions were being signed by the wallets in question, suggesting compromised private keys.

Slope recommends that its users create a new wallet with a brand new seed phrase and transfer funds to it. Also, hardware wallets have been unaffected by the hack, and are also recommended for keeping assets secure amid the potentially still ongoing exploit situation.

Stay on top of crypto news, get daily updates in your inbox.