Recently, news that thousands of Solana wallets had been exploited and their owners' funds stolen spread through the crypto space. About $4.1 million worth of tokens were taken from those wallets. At the time of the hack there was considerable speculation about the root cause, as many people were desperate for ways to protect their funds.
Some speculated that the victims may have unknowingly signed a smart contract that granted the hackers access and permission to drain their wallets.
This prompted some to recommend that individuals revoke permission to any smart contract they may have signed.
Another theory held that the Solana chain had been compromised, giving hackers access to Solana-based tokens.
Neither theory turned out to be the actual cause of the attack on thousands of Solana wallets.
This article investigates the causes of the widespread attack on thousands of Solana wallets.
TL;DR
- On August 2, 2022, news of a hacker draining the funds from Solana wallets spread like wildfire, and the malicious event lasted four hours.
- The Slope mobile wallet application was identified as the root cause of the exploit.
- Further investigation revealed that the Slope app had been transmitting its users' seed phrases (their private key material) to a third-party application-monitoring service as part of its logging.
- Solana highlighted steps that should be taken to mitigate the situation.
What is Solana?
Solana is a blockchain that has been dubbed the "Ethereum killer" in some quarters because the network is seen as an attempt to solve the problems observed on Ethereum.
It is a permissionless blockchain with faster transaction finality and lower fees than its competitor, Ethereum.
It is designed for high throughput: its validator set numbers well over a thousand nodes, and the project advertises a theoretical capacity of around 50,000 transactions per second, although sustained real-world throughput is far lower.
The chain has continued to scale tremendously, with multiple teams building their decentralized apps on the network. SolChicks, a Play-to-Earn gaming ecosystem, is one of the most well-known Solana-based decentralized apps. This is just one of the many innovations based on Solana.
Solana may be addressing the scalability problem, as its low transaction costs and high transaction speed suggest, but it has gone offline on several occasions. In 2021, Solana stalled several times when popular decentralized apps built on it launched their mainnet or held a Token Generation Event.
For instance, in December 2021, Solana stalled temporarily under the load of an oversubscribed Initial DEX Offering (IDO) by the Play-to-Earn (P2E) game SolChicks, which was hosting a token sale on Raydium (an Automated Market Maker and liquidity provider built on Solana).
How Did The Solana Wallet Attack Happen?
On August 2nd, 2022, news of a hacker draining the funds from Solana wallets spread like wildfire, and the malicious event lasted four hours.
According to a press release by Solana, the attacker “drained 9,231 wallets of approximately $4.1 million in assets.”
Though some may have suspected that the attack was linked to a compromise of Solana’s core code, that rumour has been debunked.
Different organizations and individuals have spoken at length about this incident, with some offering updates in real-time. One of them is Solana Status. Using its Twitter account, Solana Status fingered Slope mobile wallet applications as the root cause.
“After an investigation by developers, ecosystem teams, and security auditors, it appears affected addresses were at one point created, imported, or used in Slope mobile wallet applications.”
In other words, the investigators found that every drained address had at some point been created, imported, or used in Slope's mobile wallet, which pointed at Slope Finance's architecture rather than at the chain itself.
Further investigation revealed that the Slope app had been sending its users' seed phrases (their private key material) to a third-party application-monitoring service as part of its logging. Anyone with access to that service's data could recover the keys needed to sign transactions from the victims' wallets, which is all the attacker needed to pull off the theft.
The stolen assets were funnelled into four attacker-controlled wallets; the sets of victim wallets drained by each of those four may have overlapped.
Solana’s team revealed in a statement that the “exploit appears isolated to one wallet provider that supports Solana and Ethereum addresses,” but that “affected users on other software wallets (such as Phantom and Solflare) may have been the result of users’ reuse of seed phrases generated or stored within Slope.”
Ethereum addresses are believed to have been hit because their owners reused the same seed phrase. As Solana put it, "both Ethereum and Solana use BIP39 mnemonics": a mnemonic is chain-agnostic, so one exposed through Slope gives an attacker the keys for every chain it was ever used on.
Solana warned in the press release, “If you are a user of Slope, or have ever previously imported seed phrases into Slope, your wallet may be compromised.”
Solana’s team claims it is working tirelessly with Slope Finance to ensure this issue does not repeat itself in the future. It is expected that Slope Finance will publish a report about the incident and what it intends to do to prevent a recurrence in the future.
Solana also outlined the steps individuals should take to protect their wallets and funds:
- Immediately generate a new seed phrase in a different wallet application.
- Once the new wallet is set up, transfer all assets, both cryptocurrencies and NFTs, to it.
- Stop using the old address: its key may be in the attacker's hands, and anything sent to it later can be drained as well.
- Do not reuse any wallet derived from a seed phrase that was ever used with Slope's mobile applications.
How Did Slope Finance React To The Attack?
When the cause was traced to Slope's applications, the organization came under heavy criticism from members of the crypto community on social media platforms such as Twitter. Slope Finance has since apologised for the incident.
They released a statement outlining their action plan. In it, they said they had been working "tirelessly over the last week with the auditors OtterSec and SlowMist, and the cybercrime firm TRM" to get to the root cause of the hack, and that, to support that investigation, they had given the auditors "full access to all databases, data pipelines, server logs, and application source code."
Slope Finance summarised the third-party investigators' findings in its statement.
First, a "vulnerability in the Sentry Service implementation on Slope Wallets on mobile" (Sentry being a third-party error- and crash-reporting service) was live for a few days, during which sensitive data was exposed to the attacker.
Second, Slope said there was no evidence to support claims that "all security layers (e.g., transmission and storage) were compromised. All the transmission to the Sentry server is protected through HTTPS end-to-end encryption, and access to the Sentry server is controlled through 3-factor authentication." Note that transport encryption protects data only while it is in transit; a seed phrase written into a logging backend is readable by anyone who can read that backend, whatever channel delivered it.
Though Slope Finance apologised for the incident, it maintains that the attack cannot be directly linked to its architecture because "there is no conclusive evidence from the auditors to link the Slope vulnerability to the exploit."
Slope Finance also stated that no additional issues were discovered during the investigation and that the “latest patched version of Slope Wallet is safe to use.”
If you would like to read more articles like this, visit DeFi Planet and follow us on Twitter, LinkedIn, Facebook, and Instagram.