Giant hack on Solana: the vulnerability identified, the Slope wallet in turmoil

After more than 24 hours of crisis, the dust is finally starting to settle on the Solana network. Although it is still too early for a final tally and the settling of accounts, the responsibility of one particular non-custodial wallet looks increasingly established.

SOL against all

It is time to take stock after a handful of agonizing hours for the entire Solana community, and especially for users of hot wallets (hot storage). Wallets were attacked en masse overnight from Tuesday to Wednesday, French time, leaving thousands of victims in the wake of a hack as massive as it was initially incomprehensible.

According to information available on Solscan, more than 10,400 wallets were attacked and drained. The damage is assessed at nearly $5 million, mainly in SOL tokens and USDC stablecoins (details below).

Over the course of yesterday, leads that might help trace the person responsible for this major hack came to light (some of them particularly creative). Now, however, it is the exploited vulnerability itself that seems to have been identified.

The Slope wallet's inconsistency singled out

Although the conditional tense remains in order in such cases, disbelief is nevertheless the dominant reaction to the latest information.

These first details were released by the Solana team itself. They indicate that the flaw exploited by the hackers apparently concerned the Slope wallet.

Seeing a crypto-asset storage wallet successfully attacked is never good news. But it is above all the details of this attack that leave one wondering: it appears that the private keys of thousands of users were compromised because they were stored on centralized servers on the one hand, and above all because Slope transmitted them to third parties in a manner we will describe as “careless”.

An obvious aggravating factor: the mass exploitation of this strategic data demonstrates beyond a shadow of a doubt that it was available “in the clear”, in other words unencrypted. That is awkward in an industry where cryptography is the alpha and omega of good practice.

Solana's statement following the hack, implicating the Slope wallet:

“This exploit has been isolated to a wallet on Solana, and the hardware wallets used by Slope remain secure. The details of exactly how this happened are still being investigated. But private key information was inadvertently passed to an application monitoring service”

Once again, however, we will remain cautious while the post-mortem investigations are underway and the situation is changing from hour to hour.

What is certain, however, is that the use of Slope’s services is the common denominator in this large-scale hack. Although users of the Phantom wallet were also affected, it appears that the victims had in every case originally created their wallet on Slope before possibly migrating to its competitor (while keeping the same private key). Use of the mobile version of Slope also seems to have been one of the exposure factors.
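As an added illustration (not code from Slope, Solana or the original article): a filter that strips seed phrases and secret keys from an event before it is handed to an application monitoring service, which is the point where the statement above says key information leaked. The field names, matching patterns and sample event are assumptions constructed for this example.

```python
import re

# Heuristics assumed for this example (not Slope's actual data format):
#  - a seed phrase is 12 to 24 lowercase words of 3 to 8 letters (BIP39 English)
#  - a 64-byte Solana secret key exported as base58 is about 87-88 characters,
#    or it appears as a JSON array of 32 or 64 byte values
MNEMONIC_RE = re.compile(r"\b(?:[a-z]{3,8}\s+){11,23}[a-z]{3,8}\b")
BASE58_KEY_RE = re.compile(r"\b[1-9A-HJ-NP-Za-km-z]{85,90}\b")
SENSITIVE_FIELD_RE = re.compile(r"mnemonic|seed|secret|private.?key", re.I)
REDACTED = "[REDACTED]"

def is_byte_array_key(value):
    """True for a list that looks like raw key bytes (32 or 64 ints in 0..255)."""
    return (isinstance(value, list) and len(value) in (32, 64)
            and all(isinstance(b, int) and 0 <= b <= 255 for b in value))

def scrub(value, field=""):
    """Return a copy of a telemetry payload with key material replaced."""
    if SENSITIVE_FIELD_RE.search(field) or is_byte_array_key(value):
        return REDACTED
    if isinstance(value, dict):
        return {k: scrub(v, str(k)) for k, v in value.items()}
    if isinstance(value, (list, tuple)):
        return [scrub(v, field) for v in value]
    if isinstance(value, str):
        # Free text: over-redacting a long lowercase sentence is the safe failure.
        return BASE58_KEY_RE.sub(REDACTED, MNEMONIC_RE.sub(REDACTED, value))
    return value

# Constructed sample event; the phrase is the public BIP39 test vector.
TEST_PHRASE = "abandon " * 11 + "about"
SAMPLE_EVENT = {
    "message": "wallet import ok: " + TEST_PHRASE,
    "extra": {"secretKey": [7] * 64, "pubkey": "A" * 44, "blob": list(range(64))},
}

if __name__ == "__main__":
    print(scrub(SAMPLE_EVENT))
```

A filter like this is a last line of defense; the stronger control is never placing key material in logged or reported objects in the first place.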

Slope posted a status update a few hours ago, indicating that they are fully aware of the situation (some of the founders’ and team’s wallets are said to be affected by the hack) and are working towards a quick resolution.

Solana’s team, for its part, insisted (rather legitimately) that the network itself had not been compromised at any time, pointing out that this incident was the direct consequence of a security lapse on the part of a third party. In the meantime, users of Slope solutions are advised to take the time to create a new storage wallet in order to migrate their assets there. If necessary, find the Phantom installation tutorial here.