Solana wallet provider Phantom says its systems were uncompromised in $4 million hack

Quick Take

  • Phantom said security auditors did not find any vulnerabilities in its systems in relation to the wallet exploit.
  • It was initially believed that Solana libraries linked to Phantom, Slope and other wallet apps suffered a “supply chain attack.”

Web3 wallet firm Phantom clarified late on Tuesday that its systems were not compromised prior to a wallet exploit, in which hackers have so far drained $4.08 million from 9,230 wallets.

On Tuesday, Phantom said that, after a nearly week-long investigation, security auditors had not uncovered any vulnerabilities that could potentially tie it to the exploit.

“After almost a week of investigation, our team has not found any evidence that Phantom's systems were compromised during the August 2nd security incident,” the wallet provider said in a tweet.

Initially, it was believed that Solana wallet libraries linked to Phantom, Slope, and other wallet apps may have suffered a “supply chain attack” on the iOS mobile platform.

Later on, Solana developers traced the entire incident back solely to the Slope wallet application. The Solana team claimed all hacked addresses were at one point created, imported, or used in the Slope application.

This finding was also corroborated independently by security firm Otter, which alleged that seed phrases generated by Slope wallet were being mistakenly sent to its server and saved in plain readable text. Otter claimed that the low security standard likely led to the breach and allegedly gave hackers the ability to acquire the seed phrases and drain funds.

Notably, Phantom also pointed to a non-Phantom source responsible for some of its affected users. “While some Phantom users were affected, in each case we have reviewed, we found that they had imported their seed phrases/private keys to or from a non-Phantom wallet,” it said.

On August 4, Slope said in a statement that it didn’t have a firm answer as to the cause of the breach. In its most recent update on Monday, Slope said it is finishing its investigation, working with blockchain intelligence firm TRM Labs as well as law enforcement agencies.


© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.