Crypto wallet provider Slope has been connected to the recent hacking of over 8,000 Solana-based hot wallets, resulting in a loss of over USD $8M worth of funds. The web3 non-custodial Slope wallets, along with a browser extension, allow users to manage assets on the Solana layer-1 (L1) blockchain. The hack was believed to be caused by bad security practices—such as a leak of users’ private keys, but investigation is still underway.
The team behind the Solana (SOL) blockchain has tied the widespread hack that affected over 8,000 wallets and resulted in the loss of over USD 8m worth of funds to the closed-source Slope wallet.
“After an investigation by developers, ecosystem teams, and security auditors, it appears affected addresses were at one point created, imported, or used in Slope mobile wallet applications,” the official Solana Status Twitter account said.
In an official statement, Slope neither confirmed nor rejected the claim, but said that “nothing is yet firm” and that they currently have “some hypotheses as to the nature of the breach.”
“We are actively conducting internal investigations and audits, working with top external security and audit groups,” the Slope team said, asking users to create a new and unique seed phrase wallet and transfer all their assets to this new wallet.
Slope is a web-based, non-custodial crypto wallet and browser extension that allows users to manage assets on the Solana blockchain.
As reported, an ongoing Solana hack that affected more than 8,000 wallets drained millions worth of funds from users. The exact amount of lost funds varied between USD 4.5m and USD 8m worth of funds, depending on the source, but per the dashboard provided by the scanning tool for the Solana ecosystem, Solscan, at 7:30 UTC on Thursday morning, a total of USD 8.58m has been transferred to the hacker’s wallets so far.
The Solana team has rejected any possibility that the hack was a result of a bug with the blockchain’s core code. “This does not appear to be a bug with Solana core code, but in software used by several software wallets popular among users of the network,” the team said.
The Phantom wallet team, who had previously assured users that the Solana hack is not “a Phantom-specific issue” despite the fact that some Phantom wallets were drained, noted that those wallets’ holders had previously interacted with a Slope wallet.
“Phantom has reason to believe that the reported exploits are due to complications related to importing accounts to and from Slope,” the Phantom team tweeted.
Meanwhile, the crypto developer who goes by Foobar on Twitter claimed that the Slope wallet may have logged plaintext seed phrases on their own centralized servers.
“My god, so Slope was sending plain text private key and seed phrases to a server,” crypto veteran Adam Cochran said. “There is absolutely no acceptable design reason for that. I expected a string appending somewhere incorrectly as a leak but this is labelled… what the hell?”
The widespread hack ostensibly began on Tuesday, as users started reporting that their funds were drained without their knowledge from major hot wallets, including Phantom, Slope, and TrustWallet. Some affected users claimed that they haven’t interacted with any contracts in more than 40 days.
Blockchain security firms were quick to determine that transactions were signed by the actual owners, suggesting some sort of private key compromise. The hack did not affect hardware wallets.
Notably, despite the large extent of the hack, Solana’s native token SOL has held on pretty well. At 7:30 UTC on Thursday morning, it’s trading at USD 39.32, up 1.8% in a day and down 2.3% in a week.