Table of contents
Solana’s blockchain hacking may have occurred due to security breaches in Slope, Solana’s blockchain wallet. Check out Twitter polls and official press releases for the latest on the Solana hacker saga!
Slope has been identified as responsible for the raid!
The hack, launched very early this Wednesday, quickly made some things stand out. First, wallets that have been inactive for more than 6 months are more likely to be hacked. Secondly, all stripped users had one thing in common: an active wallet on Slope and / or Phantom. If the majority of dissatisfied users are using the latter, it appears that the bug actually came from Slope. More precisely, them mobile wallet.
As Solana Status’s Twitter account explains:
After investigation by developers, ecosystem teams, and security reviewers, it emerged that the affected addresses had been created, imported, or used in Slope mobile wallet applications at some point. […] The hardware wallets used by Slope remain secure. Details of exactly how this happened are still under investigation, but private key information was accidentally leaked to the application monitoring service.
A Twitter thread posted by Solana Status adds that there is no evidence that the Solana protocol and its cryptographic system were compromised by this hack. Separate investigations on Twitter lead to the same conclusions, clearly defining a common point for all compromised wallets:Using these addresses in the Slope mobile wallet.
Private key management for an amateur?
When it appears that a hacker’s entry point has been found, users quickly wonder how it was possible. Again, Twitter provides the answers. To some Twitter researchers, it appears that the private key store is the source of this hack. Indeed, as shown Twitter account 0xfoobar, users’ private keys would be stored on a central server, greatly reducing their security. This mistake could become the epicenter of many hours of hacking.
In any case, this explanation seems plausible. Because remember that all suspicious transactions turned out to be authentic and signed by the owners of the wallets in question. This process could also explain the hectic pace of hacking, with 20 accounts hacked every minute.
If Slope doesn’t confirm this information, the company’s messages will be very similar to Meakulpa. In a press release, the teams expressed a desire to “quickly regain user trust”. At the moment no official communication allows us to confirm this theory 100%. The next few days will probably make it even clearer. Either way, the hardest part seems to be over, and the hack is indeed over. But the losses from this hack could be even higher than current estimates. Estimates range from $ 5 million to $ 10 million stolen by a pirate. More than 7,000 wallets would have been compromised in this way.
If the episode affected Solana’s price, then everything seems to be back to normal. Ultimately, the fact that the security of the blockchain itself has not been compromised is great news for the entire ecosystem.
Also Read: Choosing a Safe Crypto Wallet!