en
Back to the list

Slope Wallet Blamed for Solana Mayhem – Here’s How to Protect Yourself

source-logo  beincrypto.com 04 August 2022 07:30, UTC

A postmortem into the recent security exploits on the Solana ecosystem has highlighted Slope as the genesis of the breach, amplifying the calls for a transition to hardware wallets.

Slope, a Web3 wallet service provider for Solana, has been blamed for the loss of funds in the Solana ecosystem. 

“After investigation by developers, ecosystem teams, and security auditors, it appears affected addresses were at one point created, imported, or used in Slope mobile wallet application,” read a tweet from Solana Status.

Slope’s team conceded that a “cohort of Slope wallets were compromised in the breach” and both staff and founders’ wallets were drained in the attack. The team confirmed that it is carrying out an internal investigation and a comprehensive security audit in conjunction with blockchain security outfits.

The attack began on Aug 2 with widespread reports of users losing their SOL tokens from their wallets. 24 hours later, $8 million worth of SOL had been pilfered by the attacker from almost 8,000 wallets.

Solana remains safe

Contrary to the early reports, the new data suggests that Solana’s cryptography was not compromised. An investigation into the exploit by the Solana foundation revealed that private keys for Slope wallets were “inadvertently transmitted to an application monitoring service.”

Another hypothesis for the attack was that Slope stored the seed phrases of addresses on a central server, making the attack a straightforward application. The attack left SOL trading at $39.36, a far cry from its seven-day high of $46.48.

Users advised to discard their Slope wallets

In the statement, the wallet providers advised users to create new non-Slope seed phrase wallets without using the same seed phrase in previous wallets. “If you’ve used Slope at all, consider those wallets burned,” said one security expert.

The breach has amplified the call for investors to explore the possibility of hardware wallets. Slope confirmed that hardware wallets were not compromised in any way, while Anatoly Yakovenko, Solana’s founder, advised users to adopt “cold/hot wallet separation.”

Reports indicate that the attacker was also draining both Phantom wallets. Austin Federa, Solana’s head of communication, disclosed that data obtained showed that the team could not find a single Phantom-forever user that lost their holdings, making a case for the use of cold wallets.

beincrypto.com