Solana and Slope Wallet Users Drained in Suspected Exploit

Users are recommended to move SOL tokens to a ledger as well as revoke trusted apps or lock them up via staking

by Sebastian Sinclair /
article-image

Blockworks exclusive art by axel rangel

share

key takeaways

  • Users of the Phantom wallet are complaining of funds being drained without their consent
  • Several commentators are pointing toward an exploit relating to the wallet or NFT marketplace Magic Eden

Users of Solana digital wallets Phantom and Slope are claiming millions have been stolen from an unknown exploit linked to the wallets or associated trusted apps.

According to several users and market participants, the exploit on either the Solana network or the native wallets is draining users’ funds despite being disconnected from web browsers or actioning any transfers. Exact details of the exploit are not yet known.

“We are working closely with other teams to get to the bottom of a reported vulnerability in the Solana ecosystem,” the Phantom team told Blockworks. “At this time, the team does not believe this is a Phantom-specific issue.” The exact amount stolen from users’ wallets is not yet known.

Newsletter

Subscribe to Blockworks Daily

Users said they are receiving notifications that they are sending tokens to an unknown set of addresses. The total amount of funds drained so far is suspected of totaling more than $6 million in solana (SOL) from more than 7,760 wallets. Blockworks was unable to immediately independently verify the total amount taken. 

Loading Tweet..

Users from web-based cryptocurrency wallet Slope are also reporting incidents of an exploit. The attacker is claimed to be making off with both SOL and Solana Program Library (SPL) tokens.

One user, going by the handle @Paladin on Twitter, told Blockworks several people familiar with the situation had their wallets “drained randomly.”

“They lost thousands and most of their money, so they are quite depressed,” they said. “Move coins to a ledger and disconnect every trusted website.”

Paladin pointed to two large wallet addresses suspected of belonging to the exploiter, which have a combined balance of roughly 37,777 SOL ($1.5 million). A third wallet, with roughly 2,402 SOL ($95,000) is continuing to see funds drained to its address as a result of the exploit, Paladin said.

The exploit appears to be impacting all Solana-based tokens with recommendations for moving coins to a ledger, revoking trusted apps like NFT marketplace Magic Eden, or locking them up via staking.

Hacks and exploits relating to DeFi and NFTs (non-fungible tokens) continue to mount. Last month, Blockworks reported hacks totaled more than $1.2 billion for the first quarter of this year alone in what appears to be an increase in frequency for the budding sector.

Continuous hacks “is fundamentally an unsolvable problem,” Immunefi’s CEO Mitchell Amador told Blockworks in an interview at the time. “We knew things were going to go in this direction. The volatility is a part of crypto, the amount of money flowing in was going to increase.”

Updated on August 2, 2022, at 11:40 pm ET: Changed headline and copy to reflect Slope Wallet users also affected by the exploit. Updated Phantom’s team response.

Start your day with top crypto insights from David Canellis and Katherine Ross. Subscribe to the Empire newsletter.

Explore the growing intersection between crypto, macroeconomics, policy and finance with Ben Strack, Casey Wagner and Felix Jauvin. Subscribe to the Forward Guidance newsletter.

Get alpha directly in your inbox with the 0xResearch newsletter — market highlights, charts, degen trade ideas, governance updates, and more.

The Lightspeed newsletter is all things Solana, in your inbox, every day. Subscribe to daily Solana news from Jack Kubinec and Jeff Albus.

Tags

Upcoming Events

Digital Asset Summit 2025

Javits Center North | 445 11th Ave

Tues - Thurs, March 18 - 20, 2025

Blockworks’ Digital Asset Summit (DAS) will feature conversations between the builders, allocators, and legislators who will shape the trajectory of the digital asset ecosystem in the US and abroad.

buy ticketslearn more

recent research

Research Report Templates (6).png

Research

THORChain: The Prices are Going Higher

In recent months, a number of highly accretive developments were implemented across the protocol to improve fee capture, expand product functionality, and ultimately drive value accrual to the RUNE token, with more upgrades on the immediate horizon. These developments include hiking the minimum swap fee parameter to increase revenue, adding a Burn System Income Lever to reduce the RUNE supply, the addition of COSM-WASM smart contracting and IBC to enable an application layer, new chain integrations, and more.

by Luke Leasure

/

news

article-image

Policy

Binance exec Tigran Gambaryan denied bail in Nigeria

Former IRS agent and Binance executive Tigran Gambaryan will remain imprisoned in Nigeria’s Kuje prison

by Katherine Ross /
article-image

Web3

Politics and memecoins drive the conversation on day 2 of Permissionless

When Permissionless III wraps on Friday, there will be 26 days left until the 2024 presidential election

by Casey Wagner /
article-image

Forward Guidance Newsletter

Latest inflation data comes in hotter than expected, led by housing costs

Plus, an update from the ground in Salt Lake City at Permissionless III

by Felix Jauvin&Ben Strack&Casey Wagner /
article-image

Policy

SEC files lawsuit against crypto market-maker Cumberland DRW

The US regulator accused the crypto market-making firm of acting as an unregistered dealer

by Michael McSweeney /
article-image

Sponsored

TRON DAO hosted the TRON Builder Tour at Columbia University with Blockchain at Columbia and Boston University Blockchain

The 12-hour event attracted over 120 sign-ups

article-image

Lightspeed Newsletter

Stripe reintegrates crypto payments in the US

Customers can pay merchants in USDC or USDP on Ethereum, Solana, and Polygon, while US-based merchants are paid in dollars

by Jack Kubinec /