There is now a likely explanation for why thousands of Solana users lost SOL and other tokens worth $4.5 million from Tuesday night to early Wednesday: reports point to a private key exploit linked to the mobile software wallet Slope.
According to a tweet from Solana Status on Wednesday, the attack’s primary cause was an unintentional exposure of users’ private keys from the Slope wallets’ backend.
According to early results released on the official Solana Status Twitter account by developers and security auditors, the vulnerable addresses appear to have been created, imported, or used in Slope mobile wallet applications.
After an investigation by developers, ecosystem teams, and security auditors, it appears affected addresses were at one point created, imported, or used in Slope mobile wallet applications. 1/2
— Solana Status (@SolanaStatus) August 3, 2022
The Solana team also ruled out the idea that the attack came about because of a flaw in the blockchain’s core code.
“This does not appear to be a bug with Solana core code, but in software used by several software wallets popular among users of the network,” the team said.
Not a Phantom-specific issue
Although several Phantom wallets were drained, the team, which had earlier told users that the Solana attack was not “a Phantom-specific issue,” pointed out that the owners of those wallets had previously interacted with a Slope wallet.
“Phantom has reason to believe that the reported exploits are due to complications related to importing accounts to and from Slope,” the Phantom team tweeted.
1/ Phantom has reason to believe that the reported exploits are due to complications related to importing accounts to and from @slope_finance.
We are still actively working to identify whether there may have been other vulnerabilities that contributed to this incident. https://t.co/W5B19gbMJX
— Phantom (@phantom) August 3, 2022
Additionally, Phantom advises that, in the meantime, any Phantom users who have installed other wallets should try to transfer their assets to a new non-Slope wallet with a new seed phrase.