Solana wallet provider Slope has been identified as the source of a hack in which attackers stole an estimated $8M in USDC, SOL and other crypto assets, according to a brief analysis released Wednesday by the Layer 1 blockchain.
Slope users were urged to create brand-new wallets with alternative providers and to transfer their crypto assets to those new wallets.
In a statement Wednesday afternoon, Slope acknowledged that a “cohort” of its wallets were compromised.
“We have some hypotheses as to the nature of the breach, but nothing is yet firm,” the statement read. “We feel the community’s pain, and we were not immune. Many of our own staff and founders’ wallets were drained.”
Slope said hardware wallets were not affected and a full post-mortem was incoming.
Solana, meanwhile, said its researchers had determined “private key information” – essentially the password to a user’s crypto wallet – “was inadvertently transmitted to an application monitoring service.” How this later led to the hack is yet to be determined.
While almost 8,000 wallets from multiple providers were affected – including Phantom and Trust – researchers linked the attackers’ theft to Slope’s integration with those other providers.
The attack was not limited to iPhones as researchers initially believed, according to Solana founder Anatoly Yakovenko.
Slope wallets “may have logged [plaintext seed phrases] on their own centralized servers,” Twitter user foobar wrote.
The revelations in Solana’s postmortem highlighted the difficulty of diagnosing an exploit in real-time.
Solana representatives said early Wednesday that, while not a Solana issue, the hack was likely not attributable to a specific wallet provider.
Alexander Golding, a ventures associate at Delphi Digital who helped organize Solana’s response to the hack, said there were at least four attackers.
At the height of the hack on Tuesday night, the attackers were stealing 1,000 SOL tokens – worth about $39,000 — per minute. The amount they have been able to siphon away since midnight has plummeted, however, according to Dune Analytics dashboards tracking the hack.
Experts took to social media Tuesday to implore Solana users to safeguard their assets by moving them to “cold storage,” i.e. USB-style hardware purpose-built for crypto and disconnected from the internet.
“Good time to order a ledger,” Yakovenko tweeted, “and a @solanamobile though.”