Solana Exploit May Be Caused By Slope Wallet Vulnerability


  • A bug in Slope’s wallet is believed to be responsible for the recent theft of Solana’s wallet.
  • Nearly $6 million was stolen from 9,000 addresses.
  • The team is still investigating and a full report will be released at a later date.

The recent attack on the Solana wallet resulted in the loss of nearly $6 million from 9,000 addresses, attributed to the theft of private keys on the Slope mobile wallet app. The team’s initial investigation indicated that private key details of the stolen wallet were inadvertently transferred to a third party.

After developers, the ecosystem team, and security auditors began investigating the attack, they noticed that the affected addresses had been created, imported, or used in the Slope mobile wallet application at one point. They also noted that the vulnerability was isolated in a wallet on Solana, while the hardware wallet used by Slope remained secure.

While Slope continues to investigate, it has Ask all Slope users Create a new unique mnemonic wallet and transfer all its assets there. Hardware users stay safe and have to worry about their keys. The team will release a full post-mortem report at a later date.

Four attackers have been identified, compromising around 9,000 unique wallets. So far, all investigators have said that there appears to be no bug in Solana’s code. The software used by popular wallet providers appears to be vulnerable.

Solana Labs co-founder Anatoly Yakovenko said the attack looked like an “iOS supply chain attack,” though he later noted that Android users also appeared to be affected. He also concluded that this could be a bug specific to Slope.

Hackers continue to exist in the crypto space

There will be no shortage of hacks in the crypto market in 2022, and the number of reported incidents seems to be increasing day by day. A recently released SlowMist report claims that crypto hackers will steal over $1 billion from DeFi in 2022 alone.

The Twitter account of digital artist Beeple was also recently hacked, and hackers managed to steal $400,000 worth of cryptocurrency funds by posting phishing links. Phishing has become a popular attack method among bad actors this year.

Some of the attacks were attributed to the North Korea-linked Lazarus group. The group is believed to be behind the $100 million Harmony Protocol Horizon Bridge hack and many other such hacks.





Source link

Leave a Reply

Your email address will not be published.