Solana’s Latest $6M Exploit Likely Tied to Slope Wallet, Devs Say

Developers behind the Solana blockchain are saying the closed-source Slope wallet may be responsible for an ongoing exploit that’s stolen millions of dollars’ worth of crypto tokens from over 9,000 hot wallets.

In the second day of the exploit that’s stolen at least $6 million in various in tokens from users of the Slope and Slope-tied Phantom wallets, the Twitter account tied to the blockchain’s marketers is blaming the software of the wallets, and not its own code, for the attack.

“This does not appear to be a bug with Solana core code, but in software used by several software wallets popular among users of the network,” the network said in a Wednesday morning tweet.

Among the affected wallet services are Phantom and Slope. More than $6 million has so far been drained from unsuspecting hot wallets, which are wallets whose keys are stored online as opposed to in cold storage on a hardware device.

A press contact for the Slope wallet did not return a request for comment by press time. In a statement, Slope developers said «a cohort» of wallets were compromised but they did not confirm whether their private key storage practices may have been involved.

Phantom Wallet developers, for their part, said they have «reason to believe the reported exploits are due to complications related to importing accounts to and from Slope.»

Solana Labs’ CEO Anatoly Yakovenko initially tweeted he suspected the exploit could be linked to an Apple iOS supply chain issue, but has since narrowed the source to a hack of Slope’s centralized servers, where private keys appear to have been stored as plain text.

A supply chain attack is when a bad actor inserts their own malicious code into the software of a larger system. An iOS supply chain attack, in this instance, would likely be an attacker accessing private keys through the online wallet libraries.

Other developers on Twitter increasingly say they believe that Slope stored private keys as plaintext on a centralized server, which was compromised by the attacker.

“So far seems like phantom users also used slope. So seems more likely that this is a slope specific bug,” Yakovenko said in a Wednesday tweet.

Several users and organizations have taken to Twitter to collect information from victims of the exploit, though no sort of retribution plan has been laid out. The 9,000 drained wallets make up just a small fraction of the 25 million total Solana hot wallets in existence.

Read more: Solana Wallets Targeted in Latest Multimillion-Dollar Hack

Source