The Solana Foundation says exploited addresses were “created, imported, or used” in Slope mobile wallets and there's “no evidence” the protocol was compromised

Private keys may have been inadvertently compromised as a Solana mobile wallet is fingered for the major network attack.

Decrypt Andrew Hayward

Discussion

  • @solanastatus @solanastatus on x
    After an investigation by developers, ecosystem teams, and security auditors, it appears affected addresses were at one point created, imported, or used in Slope mobile wallet applications. 1/2
  • @phantom @phantom on x
    1/ Phantom has reason to believe that the reported exploits are due to complications related to importing accounts to and from @slope_finance. We are still actively working to identify whether there may have been other vulnerabilities that contributed to this incident. https://tw…
  • @solanastatus @solanastatus on x
    This exploit was isolated to one wallet on Solana, and hardware wallets used by Slope remain secure. While the details of exactly how this occurred are still under investigation, private key information was inadvertently transmitted to an application monitoring service. 2/3
  • @slope_finance @slope_finance on x
    Slope statement regarding the breach situation: https://docs.google.com/...
  • @0xfoobar @0xfoobar on x
    Correction - the Slope wallet did not send seed phrases to external partners, but may have logged them on their own centralized servers. Apologies for getting a bit ahead of myself, postmortem still in progress. Wait for an announcement from the team for true confirmation.
  • @0xfoobar @0xfoobar on x
    Solana hack - looks like the Slope wallet sent plaintext seed phrases to external integration partners. Compromised Phantom wallets came from seed phrase imports used in Slope. Compromised ETH wallets were also from seed phrase reuse. Not a blockchain or randomness issue.
  • @solanastatus @solanastatus on x
    There is no evidence the Solana protocol or its cryptography was compromised. 3/3
  • @fatmanterra FatMan on x
    The recent Solana “hack” was actually due to an accidental leak from Slope wallet's backend (which was potentially compromised). The Solana blockchain remains unaffected. Slope will put out a statement explaining what happened in greater detail shortly.
  • @osec_io @osec_io on x
    Over $4M was drained from Solana wallets over the past 2 days. We've been working directly with @solana and @slope_finance to investigate. Here's what we found. https://twitter.com/...
  • @lordx64 @lordx64 on x
    So the #slope #wallet is more like an insider threat, rather than supply chain hack, or else. I saw this traffic yesterday (see timestamp) going SSL encrypted to slope servers https://o7e.slope.finance/ but I was like nah that can't be malicious but indeed it has the seed phrase…
  • @cz_binance @cz_binance on x
    If you used a Slope wallet (for SOL) in the past, move your funds to a different wallet ASAP. Do not “import” the old wallet. Use a new private key or seed phrase. If you don't know what those words mean, send your SOL to @binance. The easy way. https://twitter.com/...
  • @slope_finance @slope_finance on x
    See below for our official statement on the breach situation (now posted to our Medium). We empathize with everyone affected, and are doing our best to solve and rectify the situation. https://slope-finance.medium.com/ ...
  • @fatmanterra FatMan on x
    Correction to a previous tweet I made regarding seed phrases: While Slope was indeed able to view user keys as plain text, the external integration did *not* receive these as plain text. My apologies - this is a developing situation; now waiting for official announcements.
  • @chipflare @chipflare on x
    .@slope_finance raised $ from high profile firms including: @genesistrading: No comment @jump_: No comment @cmsholdings: Coverage but no comment @solanaventures: No comment @AlamedaTrabucco: No comment @circlepay: No comment I think it's unacceptable for them to stay silent. http…
  • @thecryptolark Lark Davis on x
    Wow, so it seems that the #solana wallet hack was because the wallet provider Slope sent seed phrases to external partners. Any Phantom, or Ethereum wallets affected were due to people using the same seed phrases. Unbelievable negligence by the Slope team.
  • @lordx64 @lordx64 on x
    This traffic was found in the version 2.2.2. of Slope Wallet that I freshly downloaded from the @Apple AppStore. The SHA-256 (pre-thinned) ipa file is this one: 94f0df488452e50d7febf4f8a776b739acd7a9aac6c441204bff68bae7e06eae
  • @0xfoobar @0xfoobar on x
    Statement from the Slope team https://twitter.com/...
  • @earlyishadopter @earlyishadopter on x
    https://www.coindesk.com/... Okay, let's stop calling it a Solana exploit now.
  • @chrismaddern Chris Maddern on x
    a google doc, really? I feel really bad for Slope, but everything about this has felt odd... https://twitter.com/...
  • @mdudas @mdudas on x
    <click this link> ffs https://twitter.com/...
  • @hudsonjameson Hudson Jameson on x
    This investigation and incident response has been a culmination of work of well over 100 people across multiple orgs and blockchain ecosystems. Be on the lookout for information regarding what causes we have ruled out and to (hopefully) quell speculation overall. https://twitter.…
  • @slope_finance @slope_finance on x
    Update: As we work to complete the forensic investigation of yesterday's breach together with our auditing partners @SlowMist_Team & @osec_io, we're calling for the support of the broader community to help us trace & flag attacker wallets & ultimately recover funds.
  • @ncweaver Nicholas Weaver on x
    The most subtle supply chain attack is indistinguishable from a stupid bug... https://twitter.com/...
  • @chrismaddern Chris Maddern on x
    nightmare case for @slope_finance I feel really bad for a team trying to build in a new space, but hard to imagine how you come back from compromising 15,000 solana wallets https://decrypt.co/...
  • @slope_finance @slope_finance on x
    Attackers interacted from @binance to: HYaQcKPcWgLe7gpA99EUbDSGuzJCupNVCRXmXP37xYXv Htp9MGP8Tig923ZFY7Qf2zzbMUmYneFRAhSp7vSg4wxV CEzN7mqP9xoxn2HdyW6fjEJ73t7qaX9Rp2zyS6hb3iEu 5WwBYgQG6BdErM2nNNyUmQXfcUnB68b6kesxBywh1J3n GeEccGJ9BEzVbVor1njkBCCiqXJbXVeDHaXDCrBDbmuy
  • @cygaar_dev @cygaar_dev on x
    We often criticize MetaMask, but their extension is open source which means leaks like the one that happened to Slope are much less likely to happen. I'd love to see an open source Solana wallet competitor come out of this; we need to keep users safer moving forward
  • @coinbureau @coinbureau on x
    So the $SOL wallet hack had nothing to do with the network, but compromised private keys created, imported, or used in the Slope mobile wallet It also impacted Phantom users who had imported wallets from Slope. Credit to the Solana devs for their work in finding the root cause.
  • @gregosuri Greg Osuri on x
    Slope uploaded users' mnemonics and private keys in plain text to their servers. We should demand Opensource wallets with better scrutiny by protocol teams. @MoonRankNFT reported it, but I had to see it myself; I never thought a dev could be this negligent, so I ran a trace. http…
  • @zachherbert @zachherbert on x
    It looks like the Solana hack is caused by Slope wallet sending the user's seed in plaintext to the company's server. This is why open source is so important. Code needs to be auditable, users need the freedom to build the app from source code. https://twitter.com/...
  • @solanastatus @solanastatus on x
    Engineers from multiple ecosystems, with the help of several security firms, are investigating drained wallets on Solana. There is no evidence hardware wallets are impacted. This thread will be updated as new information becomes available.
  • @phantom @phantom on x
    We are working closely with other teams to get to the bottom of a reported vulnerability in the Solana ecosystem. At this time, the team does not believe this is a Phantom-specific issue. As soon as we gather more information, we will issue an update.
  • @0xfoobar @0xfoobar on x
    🚨 Widespread Solana private key compromise 🚨 - attacker is stealing both native tokens (SOL) and SPL tokens (USDC) - affecting wallets that have been inactive for >6 months - both Phantom & Slope wallets reportedly drained https://twitter.com/...
  • @peckshieldalert @peckshieldalert on x
    #PeckShieldAlert The widespread hack on Solana wallets is likely due to the supply chain issue exploited to steal/uncover user private keys behind affected wallets. So far, the loss is estimated to be $8M, excluding one illiquid shitcoin (only has 30 holds & maybe misvalued $570M)…
  • @sandeepnailwal @sandeepnailwal on x
    My heart goes out to #Solana community members who lost their life savings in the ongoing attack. Stay strong, these are the growing pains the entire blockchain industry has to go through. These moments, if handled correctly, lead to a lot of strength for any ecosystem.🖖
  • @solanastatus @solanastatus on x
    Engineers from across several ecosystems, in conjunction with audit and security firms, continue to investigate the root cause of an incident that resulted in approximately 8,000 wallets being drained. 1/2
  • @solanastatus @solanastatus on x
    This does not appear to be a bug with Solana core code, but in software used by several software wallets popular among users of the network. Updates will be posted to https://twitter.com/... as they become available. 2/2
  • @aeyakovenko @aeyakovenko on x
    Seems like an iOS supply chain attack. Multiple plausible wallets that only received sol and had no interactions beyond receiving have been affected. https://explorer.solana.com/ ... As well as keys that were imported into iOS, and generated externally. https://explorer.solana.com…
  • @solanastatus @solanastatus on x
    An exploit allowed a malicious actor to drain funds from a number of wallets on Solana. As of 5am UTC approximately 7,767 wallets have been affected. The exploit has affected several wallets, including Slope and Phantom. This appears to have affected both mobile and extension.
  • @magiceden @magiceden on x
    🚨🚨🚨There seems to be a widespread SOL exploit at play that's draining wallets throughout the ecosystem Here's what you can do right now to best protect yourself 1. Go to >Settings on your @phantom wallet 2. >Trusted Apps 3. >Revoke Permissions for any suspicious links 💜
  • @solanastatus @solanastatus on x
    There's no evidence hardware wallets have been impacted - and users are strongly encouraged to use hardware wallets. Do not reuse your seed phrase on a hardware wallet - create a new seed phrase. Wallets drained should be treated as compromised, and abandoned.
  • @cz_binance @cz_binance on x
    There is an active security incident on Solana. Many (7000+ and counting) wallets are drained of SOL & USDC. Don't know root cause yet. Maybe permissions granted to apps. For remediation, send the funds to a cold wallet or CEX like @Binance. https://twitter.com/...
  • @solporttom @solporttom on x
    Massive exploit/drain going on with Solana seeing it live in Taiyo tons of people losing their whole balance out of no where. Move everything to a ledger NOW. Two wallets reported: #1 https://solscan.io/... #2: https://solscan.io/...
  • @milesdeutscher Miles Deutscher on x
    There's an unknown $SOL exploit currently draining random Phantom wallets right now. ⚠️ $6m currently stolen. If you have funds on Phantom, make sure to revoke all permissions + move to a hardware wallet.
  • @aeyakovenko @aeyakovenko on x
    Android seems to be affected as well. All the confirmed stories so far have had the key imported or generated on mobile. Most of the reports are slope, but a few phantom users as well.
  • @justinbarlow @justinbarlow on x
    For reference I haven't interacted with any contracts at all in ~40 days. My ERC-20 and SPL USDC held on both @slope_finance and @TrustWallet were drained
  • @chrisalbon Chris Albon on x
    From the outside it feels like there are only two types of events in crypto: 1. Something new just launched 2. People lost their life savings https://twitter.com/...
  • @kevincollier Kevin Collier on x
    I literally don't know how to keep covering the scope of how widespread these mass crypto hacks have gotten. It's just “oh my God they found another way/they did it again/it's so much money,” over and over and over. https://twitter.com/...
  • @grady_booch Grady Booch on x
    “These are the growing pains the entire blockchain industry has to go through” Bullshit, Sandeep. Complete and utter rejection of ethical computing on your part. https://twitter.com/...
  • @magiceden Magic Ethen on x
    We highly suggest you to take steps to protect yourself in the best way we can recommend right now We'll keep you guys updated with anything significant we may find during our investigation Stay strong 🫂💜 https://twitter.com/...
  • @lizrummy @lizrummy on x
    Sorry you lost all your life savings, but please understand a hack every 10 seconds is just growing pains for the industry. Look at the big picture. https://twitter.com/...
  • @milesdeutscher Miles Deutscher on x
    1/ It all started when a few people started to notice some unusual outflows from Phantom wallets on Solana. https://twitter.com/...
  • @spencerdailey Spencer Dailey on x
    1/ this solana/USDC hack situation is nuts: it's a worst case scenario (thousands of wallets hacked for no apparent reason after 15+ hours) and... SOL is only down 4% over 24 hours. Markets are completely broken https://www.techmeme.com/... https://twitter.com/...
  • @fatmanterra FatMan on x
    @cobie Insider told me what happened (Solana has a pretty good guess), announcement should be coming soon. They are still narrowing down whether it was Slope *and* Phantom or just Slope that was leaking crucial data to a certain integration accidentally. ETA a couple hours.
  • @cobie @cobie on x
    Is there a post-mortem on the Solana wallet draining thing anywhere yet
  • @lyu_johnny @lyu_johnny on x
    We have noticed the ongoing #Solana wallets exploit. Users can be reassured that their $SOL assets with #KuCoin are safe. We're in close contact with the Solana team and have blocked the suspicious addresses as requested. Still checking other ways to help. Stay Safe! 🙏
  • @caspiancey @caspiancey on x
    Don't worry, Jump Crypto will foot the bill again. Right guys? Guys??
  • @silvermanjacob Jacob Silverman on x
    Sorry you lost your LIFE SAVINGS. Growing pains. https://twitter.com/...
  • @stevekovach Steve Kovach on x
    There have been 3 big crypto hacks/breaches/thefts so far this month. And it's only August 3. https://twitter.com/...
  • @matthew_d_green Matthew Green on x
    I don't mean to dwell on this Solana key theft issue, because I don't specifically care about Solana, but I feel like this might be the tip of a much bigger iceberg re: wallet security. https://decrypt.co/...
  • @mattdesl Matt DesLauriers on x
    npm install scripts seems like the biggest crypto hot-wallet attack vector on the web. 😬
  • @hosseeb Haseeb Qureshi on x
    This has been a bad week for exploits. Active attack right now on Solana—no one knows yet where it's coming from. Revoke permissions ASAP (or just move assets to a Ledger). https://twitter.com/...
  • @buccocapital @buccocapital on x
    We are “so early” it might actually have been “too early” https://twitter.com/...
  • @liron Liron Shapira on x
    The SOL hack is a good reminder that by the time all problems with blockchain currencies get patched, the resulting financial system will be as complex and as regulated as traditional finance. Therefore I recommend focusing on iterative upgrades to the traditional finance system.
  • @naeper Dmitriy Gerasimov on x
    Two important lessons: - Solana was written in Rust that's positioned as a secure language. Language itself doesn't provide high security. That's why we've selected C language. - Most probable cause is supply chain attack. That's why Cellframe almost has no 3rd party components htt…
  • @justin_bons Justin Bons on x
    Solana wallets are being drained en masse right now! As part of what looks like a private key exploit! I have been warning people about the reckless behavior of SOL for years This is a consequence of that behavior If you are affected follow this advice: https://twitter.com/...
  • @solbigbrain S◎L Big Brain on x
    Still seems to be a lot of unknowns on this exploit. Nothing concrete on the exact cause yet. Most roads are leading to those who had mobile wallets (Phantom or Slope). I have used zero mobile wallets and so far all wallets appear safe. Anybody drained while never using mobile?
  • @thisisnuse Ant on x
    Unaffected by the $SOL exploit due to draining my own wallet using good old fashion shit trading at Mango months back. Crisis averted.
  • @officer_cia @officer_cia on x
    Big news - @Solana hack! In an unknown way scammers are withdrawing $SOL from the wallets of ordinary users right now! The amount of stolen funds currently exceeds $5 million. I recommend unlinking your wallet from all sites so they don't have access to your assets! https://twitt…
  • @top7ico @top7ico on x
    Ongoing Exploit of @solana $SOL Hot wallets: More than 8,000 wallets drained Funds have been drained without users' knowledge from major internet-connected hot wallets including @phantom, @slope_finance and @TrustWallet. 👉 https://coindesk.com/... https://twitter.com/...
  • @silvermanjacob Jacob Silverman on x
    Imagine if you got a message like this about your USD checking account (and if you didn't get this message you'd be in trouble). Anyway, Solana, an industry darling, seems to be experiencing a major hack. Many magic tokens lost. https://twitter.com/...
  • @justinbarlow @justinbarlow on x
    Just had my USDC drained AMA🙁
  • @coinbureau @coinbureau on x
    Another day, another hack... Seems to be an ongoing attack on Solana affecting hot wallets. Doesn't appear to be about dApp permissions either so revoking won't help. If you are using a $SOL web wallet, best to transfer those funds to a hardware device for the time being 🙏 https:…
  • @justinsuntron H.E. Justin Sun on x
    Revoking approvals and transferring your solana based token to an offline hardware wallet. For USDC, you can trust USDC on #TRON. For SOL, you can trust @Poloniex. https://twitter.com/...
  • @web3isgreat @web3isgreat on x
    This is an ongoing attack, so stay tuned for updates on this one. The attackers are continuing to transfer funds out of various wallets as we speak, and it doesn't seem the source of the exploit has been identified.