Web3 wallet provider Slope linked to Solana attack

After the August 2 attack on Solana, details have been revealed linking Slope, a third party Web3 wallet provider to the attack.

Over 8,000 Solana hot wallets were hacked and $8 million worth crypto assets stolen. Solana advised users to use hardware wallets at the beginning of the attack. However, it was too late as users had already lost funds.

Solana has today updated its community via Twitter After discovering that the addresses affected were part of Slope Wallet (a Web3 wallet), I was able to recover my funds.

Solana tweeted:

“After an investigation by developers, ecosystem teams, and security auditors, it appears affected addresses were at one point created, imported, or used in Slope mobile wallet applications.”

The slope web-based cryptocurrency wallet is available, as well as a mobile app and browser extension. It integrates with Solana Pay, allowing users to send and get tokens on Solana’s network.

We know so far about the Solana attack

Solana has stated that the details of what really transpired are still unclear although there is evidence that “Slope wallet was logging or transmitting user mnemonics and private keys.” 

Although it is not clear if this is the exploit, it seems to be confirmed that Slope wallet was logging and transmitting private keys and mnemonics. This tweet shows a screenshot showing a private key and mnemonic during what appears to have been a network request. https://t.co/oBkfrHP9I7

— Laine ❤️ stakewiz.com (@laine_sa_) August 3, 2022

Solana however stated that there is no evidence to suggest that the Solana Protocol was or its cryptography was compromised by the attack.

After the revelation of Slope’s link to the attack, Solana co-founder, Anatoly Yakovenko tweeted advising Slope users to generate their seed phrase in a different wallet as soon as possible. Binance CEO, Changpeng Zhao, echoed Anatoly’s advice adding that users could use Binance.

Move your funds to another wallet immediately if you previously used a Slope (for SOL), wallet. Don’t “import” an old wallet. Use a new seed phrase or private key. Send your SOL to clarify what those words mean. @binance. The simple way. https://t.co/t1lYcgaX5z

— CZ 🔶 Binance (@cz_binance) August 3, 2022

Slope, on its part, issued a letter Slope explained to customers the attack hypothesis and stated that it couldn’t confirm anything. Slope also notes in the letter:

“We feel the community’s pain, and we were not immune. Many of our own staff and founders’ wallets were drained.”

As details of what actually happened are still coming in, Solana and Slope Wallet users should be cautious.

SOL, the native token for the Solana network, has seen a drop in price and has fallen by more than 10% over the past two days. Solana traded at $38.86 as of the writing.