Solana wallet provider Phantom says its systems were uncompromised in $4 million hack

Quick Take

  • Phantom said security auditors did not find any vulnerabilities in its systems in relation to the wallet exploit.
  • It was initially believed that Solana libraries linked to Phantom, Slope and other wallet apps suffered a “supply chain attack.”

Web3 wallet firm Phantom clarified late on Tuesday that its systems were not compromised prior to a wallet exploit, in which hackers have so far drained $4.08 million from 9,230 wallets.

Phantom said on Tuesday that, after an investigation lasting nearly a week, security auditors had not uncovered any vulnerabilities that could tie it to the exploit.

“After almost a week of investigation, our team has not found any evidence that Phantom's systems were compromised during the August 2nd security incident,” the wallet provider said in a tweet.

Initially, it was believed that Solana wallet libraries linked to Phantom, Slope, and other wallet apps may have suffered a “supply chain attack” on the iOS mobile platform.

Later on, Solana developers traced the entire incident back solely to the Slope wallet application. The Solana team claimed all hacked addresses were at one point created, imported, or used in the Slope application.



This finding was also corroborated independently by security firm Otter, which alleged that seed phrases generated by Slope wallet were being mistakenly sent to its server and saved in plain readable text. Otter claimed that the low security standard likely led to the breach and allegedly gave hackers the ability to acquire the seed phrases and drain funds.

Notably, Phantom also pointed to a non-Phantom source responsible for some of its affected users. “While some Phantom users were affected, in each case we have reviewed, we found that they had imported their seed phrases/private keys to or from a non-Phantom wallet,” it said.

On August 4, Slope made a statement that it didn’t have a firm answer to the cause of the breach. In its most recent update on Monday, Slope said it is finishing its investigation, working with blockchain intelligence firm TRM Labs as well as law enforcement agencies.

© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

About Author

Vishal Chawla is The Block’s crypto ecosystems editor and has spent over six years covering tech protocols, cybersecurity, artificial intelligence and cloud computing. Vishal likes to delve deep into blockchain intricacies to ensure readers are well-informed about the continuously evolving crypto landscape. He is also a staunch advocate for rigorous security practices in the space. Before joining The Block, Vishal held positions at IDG ComputerWorld, CIO, and Crypto Briefing. He can be reached on Twitter at @vishal4c.