- The Solana (SOL) hack yesterday already has a body count of over 8,000 wallets
- Devs and crypto analysts confirmed the breach is not directly related to SOL blockchain
- Mobile wallet provided by Slope Finance reportedly leaked the seed phrases due to software flaw
Entering day two of the shocking hack on the Solana (SOL) blockchain which raided at least 8,000 wallets and looted over $8 million, the engineers behind Solana diagnosed that the affected wallets were first created or imported on Slope mobile wallet.
Another hack this year Analysts believe that a flaw in wallet software may be to blame, rather than issues with the Solana blockchain itself. https://t.co/bl0s5Bn6uvA Piece of Advice from Solana’s Co-Founder— CoinMarketCap (@CoinMarketCap) August 4, 2022
Commenting on the situation, Solana’s co-founder Anatoly Yakovenko labelled the attacker as ‘lazy at driving all the paths’. Most importantly, Mr. Yakovenko didn’t beat around the bush and strongly recommended regenerating the seed phrase for any user who ‘touched’ Slope mobile wallet.
Attacker is lazy at driving all the paths. A bunch of phantom users only saw their slope addresses get drained. I would advise anyone that touched slope to regenerate their seed phrase in a different wallet asap.Apparently, the trouble began when Slope’s mobile wallet sent the seed phrases in plain text to a third party external integration partners. As previously reported, Phantom users were also among the hardest-hit ones, but that happened because of the imported phrases from Slope. What’s more, the compromised wallets on Ethereum (ETH) blockchain also suffered as a result of the reused seed phrases on Slope wallet.— SMS aey.sol, (@aeyakovenko) August 3, 2022
As if that wasn’t enough, some crypto analysts believe that Slope might have logged their clients’ seed phrases on a centralized server, which would explain the $6 million exploit in a period of 10 minutes. Even though the investigation is ongoing, the developers and the ecosystem teams of Solana confirmed that the staggering $8M exploit is not to be blamed on the blockchain itself.
Correction - the Slope wallet did not send seed phrases to external partners, but may have logged them on their own centralized servers. Apologies for getting a bit ahead of myself, postmortem still in progress. Wait for an announcement from the team for true confirmation.Solana (SOL) Price Barely Affected— foobar (@0xfoobar) August 3, 2022
At press time, the 9th cryptocurrency by market cap, Solana (SOL), trades at $38.92, according to CoinGecko. Slightly in the red for the past week, SOL still has yearly gains in double digits at 13.5%.
On the Flipside
- Solana brings Web3 and real world together in the new blockchain embassy in New York
Read more about recent exploits in crypto: the $190M Nomad Bridge drain