Thousands of Solana users collectively lost about $4.5 million worth of SOL and other tokens from Tuesday night into early Wednesday, and now there’s a likely explanation for why: it’s being blamed on a private key exploit tied to mobile software wallet Slope.
On Wednesday afternoon, the official Solana Status Twitter account shared preliminary findings through collaboration between developers and security auditors, and said that “it appears affected addresses were at one point created, imported, or used in Slope mobile wallet applications.”
“This exploit was isolated to one wallet on Solana, and hardware wallets used by Slope remain secure,” the thread continues. “While the details of exactly how this occurred are still under investigation, but private key information was inadvertently transmitted to an application monitoring service.”
“There is no evidence the Solana protocol or its cryptography was compromised,” the account added.
Some Phantom wallets were also drained of their SOL and tokens in the attack, however it appears that those wallets’ holders had previously interacted with a Slope wallet. “Phantom has reason to believe that the reported exploits are due to complications related to importing accounts to and from Slope,” the Phantom team tweeted today.
Slope released its own statement just before the Solana Status thread. It acknowledges that Slope wallets were included in the hack, but does not specifically detail what happened, nor has the firm taken responsibility for the attacks.
“We have some hypotheses as to the nature of the breach, but nothing is yet firm,” it reads in part. “We feel the community's pain, and we were not immune. Many of our own staff and founders' wallets were drained.”
“We are still actively diagnosing, and are committed to publishing a full postmortem, earning back your trust, and making this as right as we can,” Slope’s team wrote.
According to blockchain explorer Solscan, it’s been more than five hours since one of the four attacking wallets drained cryptocurrency or tokens from any susceptible wallet. All told, the attackers took an estimated $4.46 million worth of crypto from what the Solana Status account said were about 8,000 unique wallets.
The attack started on Tuesday night, and many Solana users and platforms initially suspected that wallets were being exploited through previously granted permissions to a smart contract. However, the transactions were being signed by the wallets in question, suggesting compromised private keys.
Slope recommends that its users create a new wallet with a brand new seed phrase and transfer funds to it. Also, hardware wallets have been unaffected by the hack, and are also recommended for keeping assets secure amid the potentially still ongoing exploit situation.
免责声明:本文章仅代表作者个人观点,不代表本平台的立场和观点。本文章仅供信息分享,不构成对任何人的任何投资建议。用户与作者之间的任何争议,与本平台无关。如网页中刊载的文章或图片涉及侵权,请提供相关的权利证明和身份证明发送邮件到support@aicoin.com,本平台相关工作人员将会进行核查。
