Multimillion-dollar Solana cryptocurrency theft linked to Slope mobile wallet


Earlier this week, thousands of crypto wallets linked to the Solana ecosystem were drained by attackers who used owners’ private keys to steal both Solana (SOL) and USD Coin (USDC). Solana now says that after investigations by developers, ecosystem teams and security auditors, the attack was tied to accounts linked to the Slope mobile wallet app.

A graph created on Dune to track the attacks estimated the amount of cryptocurrencies stolen at just over $ 4 million, from over 9,000 unique wallets.

Slope Finance, which advertises itself as the easiest way to discover Web3 applications from a safe place, released a statement advising all Slope users to create a new portfolio of initial phrases and transfer all assets into this new wallet. The blog post indicates that many of Slope’s employee wallets were also emptied, but notes that hardware wallets (also known as cold wallets, which are not connected to the internet) were not affected.

Read more:  ApeCoin: ¿Causará preocupación la extrema volatilidad del APE?

This exploit was isolated on a wallet on Solana and the hardware wallets used by Slope remain safe.

Although the exact details of this are still under study, the private key information was inadvertently sent to an application monitoring service. 2/3

Solana State (@SolanaStatus) August 3, 2022

Slope did not provide details on how the attack took place, but strangers have uncovered evidence that the company’s mobile apps transmit users’ private keys unencrypted as part of their registration and telemetry.

In a tweet, Solana Group said: “Details of how this happened are still under investigation, but the private key information was inadvertently passed on to a security monitoring service. Applications.” The company added: There is no evidence that the Solana protocol or its encryption has been compromised.

Read more:  Ethereum Merge coming soon: ETH rises in the rankings

Some Solana users who held funds in wallets managed by a third-party Phantom were also hit, but Phantom itself firmly blamed the breach at the Slopes gates.

Phantom has reason to believe the reported exploits stem from complications with importing accounts to and from @slope_finance, the company tweeted. If Phantom users have installed other wallets in the meantime, we recommend that you try moving your assets to a new non-Slope wallet with a new seed phrase.

Finanzas News