Solana Network Was Not Breached, Slope Wallet Blamed

“Private key information was inadvertently transmitted,” Solana Status tweeted

by Ornella Hernandez /
article-image

Source: Shutterstock

share

key takeaways

  • Investigations suggest private keys were exposed and transferred to third party
  • Slope recommended users to open a new Slope wallet with a new seed phrase and transfer any assets to the new wallet

Solana developers are distancing the protocol from a series of hacks that resulted in nearly 8,000 Solana wallets suddenly being emptied of their contents in the last 24 hours.

Solana Status, the blockchain’s hub for data and system performance, said “there is no evidence that the Solana protocol or its cryptography was compromised.” 

What exactly caused the hack, then, is up in the air, but it appears to have originated from a vulnerability in Solana hot wallets and assorted third-party extensions. The breach impacted millions of dollars of the blockchain’s native token, SOL, non-fungible tokens (NFTs) and Solana-based tokens, including the stablecoin USDC.

The breach appears to have affected addresses that “were at one point created, imported, or used in Slope [Finance] mobile wallet applications,” according to Solana Status.

That would isolate the incident to Slope accounts, and to an exploit in “private key information” that was “transmitted to an application monitoring service” or third party. 

Loading Tweet..

As such, seed phrases that Slope had access to could have exposed wallets to the unidentified hackers.

That appears to be why many Phantom wallets were also compromised, likely “due to complications related to importing accounts to and from a Slope wallet,” Phantom tweeted

Phantom also encouraged users to create a new non-Slope wallet with a fresh seed phrase to move their assets to, in response to a statement published by Slope.

Slope recommended users create a new wallet on its network with a corresponding, unique seed phrase, and transfer any assets to this new wallet. It also reiterated its commitment to “identify and rectify” the issue, but it has not “fully confirmed the nature of the breach.” 

Consensus points to Slope being able to store users’ encrypted private keys and seed phrases, decipher them as plain text and transfer them to their own centralized servers, as suggested by developer 0xfoobar.

Arthur Breitman, co-founder of Tezos, told Blockworks he believes there will likely be a bailout from venture capital firms and other asset managers, “even though this opens them up to unverifiable fraudulent claims.”

Anatoly Yakovenko, Solana Labs co-founder, tweeted that users ought to “order a ledger, setup a cold wallet!” 

Loading Tweet..

Start your day with top crypto insights from David Canellis and Katherine Ross. Subscribe to the Empire newsletter.

Explore the growing intersection between crypto, macroeconomics, policy and finance with Ben Strack, Casey Wagner and Felix Jauvin. Subscribe to the On the Margin newsletter.

The Lightspeed newsletter is all things Solana, in your inbox, every day. Subscribe to daily Solana news from Jack Kubinec and Jeff Albus.

Tags

Upcoming Events

Permissionless III Hackathon

Salt Lake City, UT

MON - TUES, OCT. 7 - 8, 2024

Blockworks and Bankless in collaboration with buidlbox are excited to announce the second installment of the Permissionless Hackathon – taking place October 7-8 in Salt Lake City, Utah. We’ve partnered with buidlbox to bring together the brightest minds in crypto for […]

learn more

Permissionless III

Salt Lake City, UT

WED - FRI, OCTOBER 9 - 11, 2024

Permissionless is a conference for founders, application developers, and users. Come meet the next generation of people building and using crypto.

learn more

recent research

Research Report Templates (1).png

Research

Why Solana Mobile Should 100x Their Phone Production

Solana Mobile is a highly ambitious foray into the mobile consumer hardware market, seeking to open up a crypto-native distribution channel for mobile-first applications. The market for Solana Mobile devices has demonstrated a phenomenon whereby external market actors (e.g. Solana-native projects) continuously underwrite subsidies to Mobile consumers. The value of these subsidies, coming in the form of airdrops, trial programs, and exclusive NFT mints, have consistently covered the cost of the phone and generated positive returns for consumers. Given this trend in subsidies, the unit economics in the market for Mobile devices, and the initial growth rate and trajectory of sales, it should be expected that Solana mobile can clear 1M to 10M units over the coming years. As more devices circulate amongst users, Solana Mobile presents a promising venue for the emergence of killer-applications uniquely enabled by this mobile-first, crypto-native distribution channel.

by Luke Leasure

/

news

article-image

Markets

Gox Watch: Repayments now 39% complete with $5.4B left to go

Mt. Gox has made decent headway with repayments, but they could ramp up from here

by David Canellis /
article-image

Business

Ledger doubles down with second touchscreen-focused product

Firm known for crypto hardware wallets set to bring another touchscreen option to consumers

by Ben Strack /
article-image

Analysis

Empire Newsletter: Crypto’s next wave of smart money

Plus, BlackRock’s BUIDL is paying out steady yield — and those dividends are growing

by Katherine Ross&David Canellis /
article-image

DeFi

Jito unveils code for Solana restaking network

Solana’s biggest liquid staking provider takes a meaningful step towards restaking

by Jack Kubinec /
article-image

DeFi

Blast incentives aim to attract strong devs, as value leaks

BLAST token skids as Season 2 points plan earns mixed reviews

by Macauley Peterson /
article-image

Analysis

On the Margin Newsletter: Behind the most important economic paper of the year

Plus, a look at the top asset-gathering ETH ETFs after two days of trading

by Felix Jauvin&Ben Strack&Casey Wagner /