Solana and Slope Wallet Users Drained in Suspected Exploit

Users are recommended to move SOL tokens to a ledger as well as revoke trusted apps or lock them up via staking

article-image

Blockworks exclusive art by axel rangel

share

key takeaways

  • Users of the Phantom wallet are complaining of funds being drained without their consent
  • Several commentators are pointing toward an exploit relating to the wallet or NFT marketplace Magic Eden

Users of Solana digital wallets Phantom and Slope are claiming millions have been stolen from an unknown exploit linked to the wallets or associated trusted apps.

According to several users and market participants, the exploit on either the Solana network or the native wallets is draining users’ funds despite being disconnected from web browsers or actioning any transfers. Exact details of the exploit are not yet known.

“We are working closely with other teams to get to the bottom of a reported vulnerability in the Solana ecosystem,” the Phantom team told Blockworks. “At this time, the team does not believe this is a Phantom-specific issue.” The exact amount stolen from users’ wallets is not yet known.

Users said they are receiving notifications that they are sending tokens to an unknown set of addresses. The total amount of funds drained so far is suspected of totaling more than $6 million in solana (SOL) from more than 7,760 wallets. Blockworks was unable to immediately independently verify the total amount taken. 

Loading Tweet..

Users from web-based cryptocurrency wallet Slope are also reporting incidents of an exploit. The attacker is claimed to be making off with both SOL and Solana Program Library (SPL) tokens.

One user, going by the handle @Paladin on Twitter, told Blockworks several people familiar with the situation had their wallets “drained randomly.”

“They lost thousands and most of their money, so they are quite depressed,” they said. “Move coins to a ledger and disconnect every trusted website.”

Paladin pointed to two large wallet addresses suspected of belonging to the exploiter, which have a combined balance of roughly 37,777 SOL ($1.5 million). A third wallet, with roughly 2,402 SOL ($95,000) is continuing to see funds drained to its address as a result of the exploit, Paladin said.

The exploit appears to be impacting all Solana-based tokens with recommendations for moving coins to a ledger, revoking trusted apps like NFT marketplace Magic Eden, or locking them up via staking.

Hacks and exploits relating to DeFi and NFTs (non-fungible tokens) continue to mount. Last month, Blockworks reported hacks totaled more than $1.2 billion for the first quarter of this year alone in what appears to be an increase in frequency for the budding sector.

Continuous hacks “is fundamentally an unsolvable problem,” Immunefi’s CEO Mitchell Amador told Blockworks in an interview at the time. “We knew things were going to go in this direction. The volatility is a part of crypto, the amount of money flowing in was going to increase.”

Updated on August 2, 2022, at 11:40 pm ET: Changed headline and copy to reflect Slope Wallet users also affected by the exploit. Updated Phantom’s team response.


Don’t miss the next big story – join our free daily newsletter.

Tags

Upcoming Events

Hilton Metropole | 225 Edgware Rd, London

Mon - Wed, March 18 - 20, 2024

Crypto’s premier institutional conference returns to London in March 2024. The DAS: London Experience: Attend expert-led panel discussions and fireside chats Hear the latest developments regarding the crypto and digital asset regulatory environment directly from policymakers and experts.

Salt Lake City, UT

WED - FRI, OCTOBER 9 - 11, 2024

Pack your bags, anon — we’re heading west! Join us in the beautiful Salt Lake City for the third installment of Permissionless. Come for the alpha, stay for the fresh air. Permissionless III promises unforgettable panels, killer networking opportunities, and mountains […]

recent research

Research report - cover graphics (1).jpg

Research

In this report, we dive into crypto private market data to gather insights on where the future of the industry is headed. Despite a notable downturn in private raises, capital continues to infuse promising projects that aim to transform payments, banking, consumer experiences, community, and more, with 2023 being the fourth-largest year for crypto venture capital.

article-image

Revolut said that the standalone crypto exchange is currently “invite only”

article-image

The stock price jump comes after Coinbase reported ending its seven-quarter run of net losses during the fourth quarter

article-image

BUZZ holds shares of Coinbase, Robinhood and MicroStrategy

article-image

Opinion: Even though I didn’t pay for my “Diamond Hands” burger with BTC, don’t let that fool you into thinking that crypto’s development is futile

article-image

The results mark “a major positive inflection point,” one analyst says, as the exchange carries net income momentum into a crypto rally

article-image

While the slate of 10 US spot bitcoin funds have tallied $4.6 billion of net inflows thus far, half of the field is lagging the leaders