A Solana mobile wallet is being blamed for the large attack on the network, in which private keys may have been inadvertently compromised.
Thousands of Solana users lost over $4.5 million in SOL and other tokens between Tuesday night and early Wednesday, and there is now a likely reason why: a private key vulnerability linked to mobile software wallet Slope.
On Wednesday afternoon, the official Solana Status Twitter account revealed preliminary findings obtained through collaboration between developers and security auditors, stating that "affected addresses appear to have been created, imported, or utilized in Slope mobile wallet programs at some point."
"This exploit was isolated to one wallet on Solana, and hardware wallets used by Slope remain secure," the thread continues. "While the details of exactly how this occurred are still under investigation, private key information was inadvertently transmitted to an application monitoring service."
According to the account, "There is no proof that the Solana protocol or its cryptography was breached."
Some Phantom wallets were also emptied of SOL and tokens during the hack, although the holders of those wallets appear to have previously interacted with a Slope wallet.
The Phantom team tweeted today, "Phantom has grounds to think that the claimed exploits are the result of problems linked to importing accounts to and from Slope."
Just before the Solana Status post, Slope issued its own statement. It confirms that Slope wallets were compromised, but it does not go into detail about what happened, nor has the company accepted responsibility for the hacks.
"We have some assumptions about the nature of the breach, but nothing is definite yet," it says. "We feel the anguish of the community, and we are not immune."
"Many of our own employees' and founders' bank accounts were depleted," the statement continues. Slope's team stated that they are still actively diagnosing the issue and are committed to publishing a complete postmortem, regaining users' trust, and making this as right as they can.
According to blockchain explorer Solscan, one of the four attacker wallets has been draining bitcoin or tokens from any vulnerable wallet for more than five hours.
Overall, the attackers stole an estimated $4.46 million in cryptocurrency from approximately 8,000 individual wallets, according to the Solana Status account.
The incident began on Tuesday night, and many Solana users and platforms initially assumed that wallets were being accessed via previously authorized smart contract permissions.
The transactions, however, were signed by the wallets in question, implying compromised private keys.
Slope advises its users to create a new wallet with a fresh seed phrase and move their funds to it. Furthermore, hardware wallets were untouched by the hack and are recommended for keeping assets secure while the vulnerability may still be ongoing.