Solana Network Was Not Compromised; Slope Wallet Was Responsible
“Private key information was accidentally sent,” tweeted Solana Status.
Solana developers are separating the protocol from a series of attacks that resulted in the unexpected emptying of over 8,000 Solana wallets during the last 24 hours.
Solana Status, the blockchain’s data and system performance centre, said, “There is no proof that the Solana protocol or its cryptography were hacked.”
The actual root of the attack is unknown; however, it seems to have started from a flaw in Solana hot wallets and other third-party extensions. The compromise affected millions of dollars worth of the blockchain’s native currency, SOL, as well as non-fungible tokens (NFTs) and other Solana-based tickets, such as the stablecoin USDC.
According to Solana Status, the compromise seems to have impacted addresses that “were at one time generated, imported, or utilised in Slope [Finance] mobile wallet apps.”
This would confine the event to Slope accounts and a vulnerability in “private key information” supplied to an application monitoring provider or third party. Therefore, the seed phrases that Slope had access to may have exposed wallets to unknown hackers.
This is likely “because to problems associated with importing accounts to and from a Slope wallet,” according to a tweet from Phantom.
In reaction to Slope’s remark, Phantom also urged users to build a new non-Slope wallet with a new seed phrase to store their assets.
Slope advised users to establish a new wallet on its network with a unique seed phrase and to move any assets to this wallet. In addition, it reaffirmed its commitment to “identify and remedy” the problem, although it has not “completely verified the nature of the breach.”
As proposed by developer 0xfoobar, consensus indicates that Slope may keep users’ encrypted private keys and seed phrases, decrypt them as plain text, and move them to their centralised servers.
Arthur Breitman, the co-founder of Tezos, told Blockworks that he expects venture capital companies and other asset managers would likely provide a bailout, “even if this exposes them to unverifiable bogus claims.”
Co-founder of Solana Labs, Anatoly Yakovenko tweeted that consumers should “order a ledger and set up a cold wallet!”