The Slope wallet behind the Solana (SOL) hack

the wallet Slope has been identified as the source of the recent hack having compromised nearly 8000 wallets of Solana (SOL).

sloppy job

The Solana developers discovered that the addresses involved in the hack have one thing in common: an interaction with the wallet slope.

“It appears that the affected addresses were at some point created, imported or used via the Slope mobile wallet”can we read on the twitter account of Solana.

This exploit was isolated to one wallet on Solana, and hardware wallets used by Slope remain secure.

While the details of exactly how this occurred are still under investigation, but private key information was inadvertently transmitted to an application monitoring service. 2/3

— Solana Status (@SolanaStatus) August 3, 2022

Here is what the description of the Slope app on Google store says:

“Slope wallet allows you to import an ethereum wallet. It is possible to store ETH there or clone ETH on Solana to take advantage of instant transactions on ETH for a cost 1000 times lower! »

Slope is a non-custodial wallet (but not open-source) specific to the Solana ecosystem. “ Non-custodial means that their users own their private keys.

Nevertheless, the wallet offers services related to DeFi, NFTs and ETH cross chain. So many potential loopholes since these gasworks may need to temporarily import seed sentences on their servers.

This is what @0xfoobar suggests:

Statement from the Slope team pic.twitter.com/uOEdO25x8c

— foobar (@0xfoobar) August 3, 2022

For now, “details of exactly how this happened are still under investigation” communicated Solana. The firm still suspects that the private keys would have been transmitted “inadvertently to a monitoring app”…

This kind of application usually measures the performance of smartphone applications to improve performance. We don’t know which one it is yet. To be continued in the next episode.

In other words, we have two versions. @0xfoobar suggests it is a inside job at Slope, while the Solana team is leaning towards an intrusion into the wallet via a monitoring app.

On the other hand, it is confirmed that the wallets synchronized with Slope and having been compromised are indeed Phantom and Trust.

According to Dune Analyticsthe hack is over and concerns 41,880 SOL. That’s $1.6 million, not $8 million as we reported yesterday.

Chris Terry, Vice President at SmartFi, commented:

“We used to say ‘Not you key, not your coin’, but this new hack shows the risk associated with connecting your wallet to DeFi platforms. We recommend never using a single wallet for everything. Don’t be lazy. Create a wallet for each specific task so you don’t risk losing everything in the event of a bug. »

Receive a summary of news in the world of cryptocurrencies by subscribing to our new daily and weekly newsletter service so you don’t miss any of the essential Tremplin.io!