Solana Investigation Indicates Wallet Mining Linked to Slope Mobile App

Following the Solana Wallet attack, the Solana Status team informed the public and clarified that the wallet addresses affected by the breach were linked to the Slope mobile wallet apps. The team further pointed out that “there is no evidence that the Solana protocol or its cryptography has been compromised.”

Solana’s status report indicates that the affected addresses were created at some point in the Slope mobile wallet apps

Over the past 48 hours, the Solana team has faced an attack that has compromised thousands of Solana-based wallets. At the time, Solana Labs co-founder and CEO Anatoly Yakovenko thought the exploit may have come from a supply chain attack. He explained that both iOS and Android wallets were affected when he said: “most reports are Slope, but a few Phantom users as well.”

On August 3, 2022, the Solana Status The Twitter account explained that the addresses affected by the hack were linked to Slope mobile wallet apps. “After investigation by developers, ecosystem teams, and security auditors, it appears that the affected addresses were at some point created, imported, or used within the Slope mobile wallet apps,” Solana Status wrote. . “This exploit has been isolated to a wallet on Solana, and the hardware wallets used by Slope remain secure.” Solana Status said:

Although the details of exactly how this happened are still being investigated, information about the private key was inadvertently passed to an application monitoring service. There is no evidence that the Solana protocol or its cryptography has been compromised.

Slope Finance has released an official statement from the wallet team and details of the breach are vague. Slope said: “A cohort of Slope wallets have been compromised in the breach, we have some assumptions as to the nature of the breach, but nothing is firm yet, [and] we feel the pain of the community and we were not immune. Many of our own staff and founder portfolios have been depleted. Slope also added that the team is actively conducting internal investigations and audits, while working with security and audit groups.

Security experts say Slope’s seed sentences were recorded in readable plain text

During the official statement, the Slope team further recommended Slope wallet users to “create a new single seed phrase wallet and transfer all assets to this new wallet.” Slope added:

If you are using a hardware wallet, your keys have not been compromised.

Data from Dune Analytics shows that there were more unique addresses affected by the breach than originally reported. Statistics show that 9,223 unique addresses suffered from the bug and $4,088,121 in crypto was stolen. Most of the hacked assets consisted of solana (SOL) and SOL-based USDC.

It is to be said that Slope’s mnemonic seed phrases uploaded to Slope’s server were saved as readable text. The Slope Wallet team is said to have stored the mnemonics in debug logging software through a centralized Sentry server. Security experts at Ottersec detailed that “anyone with access to Sentry could access [a] the user’s private keys. Ottersec also noted that the Slope team was “very helpful in sharing hack-related data.”

Keywords in this story

altcoin, Altcoins, Anatoly Yakovenko, Dune Analytics, Exploit, Hacker, Hackers, Phantom, Slope, Slope App, Slope Finance, Slope Mobile, Slope Wallet, SOL, SOL Wallet Hack, SOL Based USDC, Solana, Solana Labs CEO , Solana Co-founder of Labs, Solana Wallet Exploit, Vulnerability

What are your thoughts on the issues with the Slope Wallet and the recent exploit that affected Solana users? Let us know your thoughts on this in the comments section below.

Jamie Redman

Jamie Redman is the News Manager at News and a fintech journalist living in Florida. Redman has been an active member of the cryptocurrency community since 2011. He is passionate about Bitcoin, open-source code, and decentralized applications. Since September 2015, Redman has written over 5,700 articles for News about disruptive protocols emerging today.

Image credits: Shutterstock, Pixabay, Wiki Commons

Disclaimer: This article is for informational purposes only. This is not a direct offer or the solicitation of an offer to buy or sell, or a recommendation or endorsement of any product, service or company. does not provide investment, tax, legal or accounting advice. Neither the company nor the author is responsible, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with the use of or reliance on any content, goods or services mentioned in this article.

Casey J. Nelson