As new reports and investigations in connection with the Solana hacks show, a third-party wallet was responsible for the Solana exploit.
In recent days, Solana users have been hit by attacks in which cryptocurrency worth several million USD was stolen by unknown persons. Wallets are still being emptied at the moment, although the pace has decreased.
Solana's security team has spent its time searching for the vulnerability. It seems that the cause has now been found.
Although the attack was aimed at Solana users, Solana itself does not seem to be to blame for this.
So far, Solana has confirmed that the problem apparently affects only Slope's hot wallets, as no hardware wallets have been affected.
However, the developers of Solana recommend that all Slope users generate a new seed phrase, no matter which wallet they use.
“Create a new and unique seed phrase wallet and transfer all assets to this new wallet. Again, we do not recommend using the same seed phrase for this new wallet that you had on Slope. If you are using a hardware wallet, your keys have not been compromised.
We are still actively investigating and are committed to publishing a full report, regaining your trust and doing as well as possible.”
While the investigation was still ongoing, it was initially assumed that the problem was more widespread, as Phantom wallets were also emptied. But it turned out that the owners of those Phantom wallets were not exclusively Phantom users.
“If you used Slope at all, consider these wallets burned. So far, nothing indicates that Phantom itself had a problem, although it is interesting that there are no reports of users on Solflare who also used their seed on Slope, while there were many with Phantom.”
Emptied Phantom wallets had also used Slope, as confirmed by Austin Federa, communications director of Solana.
These statements were later confirmed by Phantom developers, who also recommended that Phantom users who had created their wallets with Slope send their funds to a non-Slope wallet.
In the course of the investigation, there are also reports that the vulnerability stems from poor development practice on Slope's side: Slope is said to have logged seed phrases on its servers.
This error seems to have led to about 9000 wallets being emptied, and Solana was not the only network affected. The largest amounts were in SOL and USDC.