Image default

The Slope wallet at the origin of the Solana hack (SOL)

The wallet Slope has been identified as the source of the recent hack having compromised nearly 8000 wallets from Solana (SOL).

Sloppy job

Solana developers have discovered that the addresses involved in the hack have one thing in common: an interaction with the wallet Slope.

“It seems that the affected addresses were at some point created, imported or used via the Slope mobile wallet”, can be read on Solana’s twitter account.

Here is what the description of the Slope app says on Google store :

” Slope wallet allows you to import an ethereum wallet. It is possible to store ETH there or clone ETH on Solana to take advantage of instant transactions on ETH for a cost 1000 times lower! »

Slope is a non-custodial wallet (but not open-source) specific to the Solana ecosystem. « Non-custodial ” means that their users hold their private keys themselves.

Nevertheless, the wallet offers services related to DeFi, NFTs and ETH cross-chain. So many potential loopholes since these gas plants may need to temporarily import seed sentence on their servers.

That’s what @0xfoobar suggests :

” Correction – the Slope wallet did not send seed phrases to external partners, but may have saved them on its own servers. […] Wait for an announcement from the team for confirmation. »

For the moment, “the details of exactly how this happened are still being investigated” Solana communicated. The firm still suspects that the private keys would have been transmitted “inadvertently to a monitoring app”…

This kind of application usually measures the performance of a smartphone’s applications to improve their performance. We don’t know which one it is yet. The sequel to the next episode.

Put another way, we have two versions. @0xfoobar suggests that this is a inside job at Slope, while the Solana team is leaning towards an intrusion into the wallet via a monitoring app.

On the other hand, it is confirmed that the wallets synchronized with Slope and having been compromised are indeed Phantom and Trust.

According to Dune Analytics, the hack is completed and concerns 41,880 SOL. That’s $ 1.6 million, and not $ 8 million as we reported yesterday.

Chris Terry, vice president at SmartFi, commented :

“We used to say “Not you key, not your coin”, but this new hack shows the risk associated with connecting your wallet to DeFi platforms. We recommend that you never use a single wallet for everything. Don’t be lazy. Create a wallet for each specific task so as not to risk losing everything in case of a bug. »

Receive a digest of the news in the world of cryptocurrencies by subscribing to our new daily and weekly newsletter service so you don’t miss anything essential Cointribune!

Nicolas Teterel avatar
Nicolas Teterel

Journalist reporting on the Bitcoin revolution. My papers deal with bitcoin through geopolitical, economic and libertarian prisms.

Related posts

the reasons behind these flights finally known?

Ronald Chasteen

Hertzbleed: Hardware flaw threatens bitcoin (BTC) private keys

Ronald Chasteen

A university makes 12 times after recovering a ransom in bitcoins (BTC)

Ronald Chasteen