Developers say the Slope wallet is the common denominator in the latest exploit.
In a tweet on Wednesday, Solana Status revealed that all wallets affected in yesterday's exploit had at one point been used in or imported into the Slope wallet. While noting that it remained unclear how the attacker got access to user seed phrases, the group confirmed that the Solana network itself was not compromised.
After an investigation by developers, ecosystem teams, and security auditors, it appears affected addresses were at one point created, imported, or used in Slope mobile wallet applications. 1/2
— Solana Status (@SolanaStatus) August 3, 2022
Notably, popular Terra whistleblower FatMan, in a tweet earlier on Wednesday, said the exploit was a result of a Slope backend leak.
“The recent Solana “hack” was actually due to an accidental leak from Slope wallet’s backend (which was potentially compromised). The Solana blockchain remains unaffected. Slope will put out a statement explaining what happened in greater detail shortly,” FatMan tweeted.
— FatMan (@FatManTerra) August 3, 2022
Meanwhile, Slope's statement did not explicitly confirm that the exploit originated with the wallet, but it apologized to affected users and noted that staff and founders also had their wallets drained. The team urged users to move their holdings to a different wallet created using new seed phrases until the root cause of the hack is identified.
It is worth noting that on Wednesday, the Solana community panicked as Solana wallets started inexplicably draining. About 8000 wallets were affected, and about $5 million was lost in the exploit.
Users were advised to move their holdings to hardware wallets or centralized exchanges, which remained unaffected.
Notably, all funds were drained to 4 addresses, sparking speculation of a coordinated attack. However, on-chain investigator ZachXBT noted that all four addresses were initially funded by a single address that received funding from a Binance wallet seven months ago, indicating that it could still be a single attacker.
— ZachXBT (@zachxbt) August 3, 2022
Following the attack, FTX.US President Brett Harrison urged the community to report only the facts and not spread panic on social media. Harrison, showing support for the Solana team, asserted that Solana cares for its community.
Good time to step back and say:
⁃ in the event of a defi hack, report facts, not inferences, to official channels asap
⁃ avoid conclusory-sounding speculation on social media
⁃ everyone at @solana truly cares about protecting their community and they have my utmost respect
— Brett Harrison (@Brett_FTX) August 3, 2022
Meanwhile, the Binance CEO invited Solana holders to store their funds on Binance for greater security:
If you used a Slope wallet (for SOL) in the past, move your funds to a different wallet ASAP. Do not "import" the old wallet. Use a new private key or seed phrase. If you don't know what those words mean, send your SOL to @binance. The easy way. https://t.co/t1lYcgaX5z
— CZ 🔶 Binance (@cz_binance) August 3, 2022