A cyberattack emptied 9,231 wallets of roughly $4.1 million worth of assets starting on August 2, 2022, at 22:37 UTC and lasting for almost 4 hours. On-chain transactions demonstrate that the hacked or leaked private keys for the affected wallets were used to sign fraudulent transactions.
The Slope wallet apps for iOS and Android by Slope Finance appear to have created, imported, or utilized compromised addresses at some time, according to an assessment by developers, analytics firms, and security auditors.
Private key information from these Slope users was accidentally transferred to an application monitoring service via the Slope program. However, it is still unknown how the hacker accessed or received this information.
This attack did not include any fundamental code from Solana Labs, the Solana Foundation, or the Solana protocol itself. This was not a vulnerability at the protocol level.
The compromised users on other software wallets (such as Phantom and Solflare) may have been the consequence of users’ reuse of seed phrases produced or kept inside Slope. This vulnerability appears to be limited to one wallet provider that serves Solana and Ethereum addresses.
Presently, it is not thought that this is a problem that is specifically tied to wallet systems other than Slope. Since both Ethereum and Solana employ BIP39 mnemonics, any effect on users with Ethereum wallets was probably also caused by the repetition of seed phrases.
The wallets created using seed phrases that have not yet been imported into (or used by) Slope wallets were not impacted, nor have hardware wallets (used with or without Slope). But, a user just needed to import the seed phrase into the Slope app to become exposed. This incident had no impact on block production.
Slope Finance is still working to identify the entire scope of the problem and how the hacker was able to obtain this data, with the assistance of leading external security and audit organizations, developers, security experts, and procedures all across the ecosystem. The Slope Finance team has promised to provide a comprehensive reply on this issue available to the public.
