Hackers Exploit Slope Blunder to Breach Solana, Steal Over $4M


Cybercriminals have swiped more than $4 million worth of cryptocurrency assets from over 9000 wallets in the Solana ecosystem. According to Solana, the breach, which began early on Tuesday, has been traced to a vulnerability in Slope Wallet.

“After an investigation by developers, ecosystem teams, and security auditors, it appears affected addresses were at one point created, imported, or used in Slope mobile wallet applications,” Solana revealed on Twitter. The blockchain platform said the Solana protocol and cryptography were not compromised.

Slope has instructed its users to create a new wallet with a different seed phrase and transfer all their assets.

‘Private Key Compromise’ Led to Breach

On Wednesday, blockchain auditor OtterSec, which worked with Solana and Slope to investigate the breach, said the fact that illegal transactions were being signed by wallet owners indicates “some sort of private key compromise.”

“We have independently confirmed that Slope’s mobile app sends off mnemonics via TLS to their centralized Sentry server,” OtterSec tweeted on Thursday after further investigation. “These mnemonics are then stored in plaintext, meaning anybody with access to Sentry could access user private keys.”

Solana echoed this on Twitter, saying, “private key information was inadvertently transmitted to an application monitoring service.”

Slope has taken steps to fix the breach. “The server-side logging was removed as soon as the vulnerability was discovered,” the Slope team said.
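The failure OtterSec describes is a secret leaving the device inside routine error telemetry. As an added example (not Slope's code or a Sentry-provided filter), the sketch below shows a client-side scrubber of the kind that can be registered as a Sentry `before_send` hook so seed phrases are redacted before an event is uploaded. The key names, the word-run heuristic and the sample event are assumptions made for illustration.

```python
import re

# Assumption: field names that must never reach telemetry (illustrative list).
SENSITIVE_KEYS = {"mnemonic", "seed", "seed_phrase", "private_key", "secret_key"}

# Heuristic for a seed phrase: a run of 12 or more lowercase words, each 3-8
# letters long. It does not consult the BIP-39 wordlist, so it errs toward
# over-redacting ordinary text rather than letting a phrase through.
MNEMONIC_RE = re.compile(r"\b(?:[a-z]{3,8}\s+){11,}[a-z]{3,8}\b")
REDACTED = "[REDACTED]"


def scrub(value, key=""):
    """Recursively redact secrets from a JSON-like value."""
    if key.lower() in SENSITIVE_KEYS:
        return REDACTED  # drop the whole value, whatever its type
    if isinstance(value, dict):
        return {k: scrub(v, str(k)) for k, v in value.items()}
    if isinstance(value, (list, tuple)):
        return [scrub(v) for v in value]
    if isinstance(value, str):
        return MNEMONIC_RE.sub(REDACTED, value)
    return value


def before_send(event, hint):
    """Hook with the (event, hint) shape the Sentry Python SDK calls."""
    # Registered with: sentry_sdk.init(dsn=..., before_send=before_send)
    return scrub(event)


# Constructed sample: not a real wallet phrase and not a captured Slope event.
PHRASE = "apple river stone cloud maple tiger ocean candle window garden silver planet"
SAMPLE_EVENT = {
    "message": "importWallet failed for phrase: " + PHRASE,
    "extra": {"mnemonic": PHRASE, "attempt": 2},
    "breadcrumbs": [{"message": "user pasted " + PHRASE}],
    "tags": {"platform": "android"},
}

if __name__ == "__main__":
    print(before_send(SAMPLE_EVENT, None))
```

A scrubber like this is a backstop: the primary control is never passing key material to logging or crash-reporting calls in the first place.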

The stolen assets include Solana, Bitcoin, Ethereum, USD Coin, and Tether, among others, and the affected wallets include Slope, Phantom, Solflare, and TrustWallet.

Blockchain analytics company Elliptic said $5.8 million was stolen from 7,947 wallets: $2.8 million in USDC, $1.8 million in SOL, and $1.4 million worth of other crypto assets. However, OtterSec said a total of $4,088,121 was stolen from over 9200 wallets.

It is unclear who was behind this breach. A cybersecurity expert, who worked with OtterSec to investigate the attack, disclosed on Twitter that the stolen assets were transferred to four addresses, and all four wallets were funded by a single wallet shortly before the attack.

Meanwhile, Slope said it has informed relevant law enforcement agencies to investigate the breach.

Hardware Wallets Are More Secure

Solana and Slope confirmed that hardware wallets were not compromised in the attack. Solana “strongly encouraged” users to switch to hardware wallets and create a new seed phrase.

“If you are using a hardware wallet, your keys have not been compromised,” Slope said in a statement.

Hardware wallets keep the private keys that control your digital assets offline, thereby eliminating the risk of an internet-based attack.

There has been an uptick in crypto-related breaches, and hackers seem to be targeting hot wallets (or online wallets). In May, Microsoft researchers discovered a new malware, dubbed Cryware, that targets hot wallets. In June, researchers at Confidant revealed that hackers were cloning crypto wallets like Coinbase and MetaMask to steal users’ assets.

Solana has instructed users to consider affected wallets “compromised, and abandoned.”

If you were a victim of this attack, you can complete this survey from the Solana Foundation. OtterSec has also invited affected users to fill out a form.


Tech researcher & communications specialist
Mirza has an education background in Global Communications, has worked in advertising, marketing, journalism and television over the years while living in several different countries. He is now working to consolidate news and outreach at VPNoverview.com, while in his free time he likes to work on documentary projects, read about sociology and write about world events.