Solana developers link massive wallet hacking to Slope provider

What’s new? Solana blockchain developers have shared the interim results of their investigation into the hacking attack that compromised more than 8000 wallets on August 3. The project team found that the affected addresses were created, imported, or used in Slope mobile wallet apps.

After an investigation by developers, ecosystem teams, and security auditors, it appears affected addresses were at one point created, imported, or used in Slope mobile wallet applications. 1/2— Solana Status (@SolanaStatus) August 3, 2022

What else is known about the incident? According to the blockchain’s developers, there is currently no evidence that the Solana protocol has been compromised. The investigation is ongoing, and the exploit has been isolated to one wallet on the network.

The Slope provider’s team also responded to the incident and confirmed a number of wallets had been compromised. The project’s representatives noted that they were working jointly with Solana to identify other possible vulnerabilities. They passed on information about the hack to law enforcement agencies. Slope urged users to create new wallets with other seed phrases to protect their funds and transfer all assets to them.

Nevertheless, until the root cause is found, we invite all Slope users to create a new seed phrase in a new wallet.Updates will be shared as the investigation in both the root causes and the asset recovery proceed.A huge thank you to @osec_io for their contribution so far!— Slope (@slope_finance) August 4, 2022

Slope is a non-custodial cross-chain wallet developed on the Solana blockchain. It also has a browser extension. It allows one to send and receive digital assets as well as interact with decentralized applications (dApps) on Solana and other blockchains.

As a result of the hack, hackers managed to withdraw more than $7 million in SOL tokens and USDC stablecoins from wallets, according to Watcher Guru. The attack was carried out by organizing a massive exploit and compromising the private keys of users’ hot wallets. The Phantom, Trust Wallet, and Slope wallets were hit the hardest, remaining inactive for more than 6 months.