The likely flash point in the latest hacking incident involving Solana may be Slope, a third-party hardware wallet provider. Slope, a web-based, non-custodial crypto wallet and browser extension, allows users to manage their crypto assets on the Solana blockchain.
The official Solana Twitter account highlighted that an investigation shows affected addresses were at one point created, imported, or used in Slope mobile wallet applications. Slope hasn’t yet replied, but said that nothing is yet confirmed. There are various hypotheses about the latest exploit. The Slope team said it is actively carrying out internal investigations and audits, and working with top external security and audit groups. It asked users to create a new and unique seed phrase wallet and to transfer their assets to it.
Initially, the issue was thought to be widespread, as Phantom wallets were also drained. But it soon emerged that the exploited Phantom wallets did not belong to users who had only ever used Phantom. Austin Federa, the head of communications at Solana, said the drained Phantom wallets had also used Slope. As such, Phantom users were advised to send their assets to a non-Slope wallet.
Meanwhile, reports say that the breach does not come from unsatisfactory coding on Slope’s side either. It occurred due to Slope logging seed phrases on their servers. This may have led to about 9,000 wallets being drained of multiple cryptocurrencies – the largest amounts in SOL and USDC.
Elliptic, a blockchain consultancy firm, said the hack began on August 2 and that $5.8 million has been stolen so far, including SOL and NFTs. It believes the problem seems to be with the software used by certain wallets rather than the blockchain itself, and that a single hacker is involved. However, the root cause is still unclear.