Solana team traces exploit back to Slope mobile wallets

Quick Take

  • Solana developers say affected addresses in Tuesday night’s hack “were at one point created, imported, or used in Slope mobile wallet applications.”
  • Slope has confirmed that a cohort of its wallets were compromised in the incident. 

An investigation into Tuesday night's hack on the Solana blockchain has revealed affected addresses "were at one point created, imported, or used in Slope mobile wallet applications," according to a Twitter account dedicated to Solana blockchain status updates. 

Developers, ecosystem teams and security auditors carried out the investigation, the group, which goes by the handle "@SolanaStatus," said on Twitter. 

Earlier today the group clarified that it did not believe the breach originated in a bug of Solana core code, and it pointed the finger at the software used by "several software wallets popular among users of the network." Now, it's pointing to Slope as one such service.

"While the details of exactly how this occurred are still under investigation, but private key information was inadvertently transmitted to an application monitoring service," the group said in a tweet

Slope Finance published a statement soon after the developer tweets. The firm confirmed that a cohort of its wallets were compromised in the breach, though it did not speculate on how the exploit originated. 

"We have some hypotheses as to the nature of the breach, but nothing is yet firm," Slope Finance said in a Medium post.

It recommended users create a new seed phrase wallet and transfer all assets to the new wallet. Those using a hardware wallet have not been compromised. The firm is continuing to work with "developers, security experts, and protocols from throughout the ecosystem to work to identify and rectify" the situation. 

"We are still actively diagnosing, and are committed to publishing a full postmortem, earning back your trust, and making this as right as we can," Slope said.

Reports from users of Phantom and Slope surfaced Tuesday night, claiming wallets had been drained of SOL and SPL in an apparent exploit on the Solana network. As of 5 a.m. UTC, almost 8,000 wallets had been affected, though hardware wallets were not impacted.

The exploit was likely a "supply chain attack" on wallets using Apple's iOS operating system, Solana Labs co-founder and CEO Anatoly Yakovenko said on Twitter earlier on Wednesday.


© 2022 The Block Crypto, Inc. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

About Author

Aislinn Keely joined The Block in the summer of 2019. She is a member of the outlet's policy team, holding down the legal beat. Before The Block, she lent her voice to the NPR affiliate WFUV, where she reported and anchored newscasts in addition to some podcast work. Aislinn is a proud Fordham Ram and editor-in-chief emerita of its newspaper. When she isn't writing or reporting, Aislinn is running and rock climbing.

More by Aislinn Keely