- The Solana (SOL) hack yesterday already has a body count of over 8,000 wallets.
- Devs and crypto analysts confirmed the breach is not directly related to SOL blockchain.
- Mobile wallets provided by Slope Finance reportedly leaked the seed phrases due to the software flaw.
Entering day two of the shocking hack on the Solana (SOL) blockchain, which raided at least 8,000 wallets and looted over $8 million, the engineers behind Solana diagnosed that the affected wallets were first created or imported on Slope mobile wallet.
Another hack this year 🤯
— CoinMarketCap (@CoinMarketCap) August 4, 2022
Analysts believe that a flaw in wallet software may be to blame, rather than issues with the Solana blockchain itself. https://t.co/bl0s5Bn6uv
A Piece of Advice from Solana’s Co-Founder
Commenting on the situation, Solana’s co-founder, Anatoly Yakovenko, labeled the attacker as “lazy at driving all the paths.” Most importantly, Yakovenko didn’t beat around the bush and strongly recommended regenerating the seed phrase for any user who’s “touched” the Slope mobile wallet.
Attacker is lazy at driving all the paths. A bunch of phantom users only saw their slope addresses get drained. I would advise anyone that touched slope to regenerate their seed phrase in a different wallet asap.
— SMS aey.sol, 🇺🇸 (@aeyakovenko) August 3, 2022
Apparently, the trouble began when Slope’s mobile wallet sent the seed phrases in plain text to a third-party external integration partner. As previously reported, Phantom users were also among the hardest-hit ones, but that happened because of the imported phrases from Slope. What’s more, the compromised wallets on the Ethereum (ETH) blockchain also suffered as a result of the reused seed phrases on Slope wallets.
As if that wasn’t enough, some crypto analysts believe that Slope might have logged their clients’ seed phrases on a centralized server, which would explain the $6 million exploit in a period of 10 minutes. Even though the investigation is ongoing, the developers and the ecosystem teams of Solana confirmed that the staggering $8M exploit is not to be blamed on the blockchain itself.
Correction - the Slope wallet did not send seed phrases to external partners, but may have logged them on their own centralized servers. Apologies for getting a bit ahead of myself, postmortem still in progress. Wait for an announcement from the team for true confirmation.
— foobar (@0xfoobar) August 3, 2022
Solana (SOL) Price Barely Affected
At press time, the 9th cryptocurrency by market cap, Solana (SOL), trades at $38.92, according to CoinGecko. Slightly in the red for the past week, SOL still has yearly gains in double digits at 13.5%.
On the Flipside
- Solana brings Web3 and the real world together in the new blockchain embassy in New York
Read more about recent exploits in crypto: the $190M Nomad Bridge drain
