JAKARTA - Earlier this week, thousands of crypto wallets connected to the Solana ecosystem were drained by hackers who used the owner's private key to steal Solana (SOL) and USD Coin (USDC).
Now Solana says that, following an investigation "by the developer, ecosystem team and security auditors," they feared an attack on accounts linked to the Slope mobile wallet app.
A chart created at Dune to track attacks calculates the amount of crypto stolen over 4 million US dollars, drawn from more than 9,000 unique wallets.
Slope Finance, which calls itself “the easiest way to find web3 apps from one safe place,” has issued a statement advising all Slope users to create “a new and unique seed phrase wallet, and transfer all assets to this new wallet.”
The blog post also said "many" wallets belonging to Slope staff were also drained but noted that hardware wallets, also known as cold wallets, and not connected to the internet, were not affected.
Slope did not provide details on how the attack took place, but outsiders have found evidence that the company's mobile app was transmitting users' unencrypted private keys as part of their logging and telemetry.
In a tweet, Solana's group said, "Exact details of how this happened are still under investigation, but private key information was inadvertently transmitted to the application monitoring service." The company added: "There is no evidence that the Solana protocol or its cryptography was compromised."
Some Solana users holding funds in wallets operated by third-party Phantoms were also affected, but Phantom itself has firmly blamed the breach on Slope.
"Phantom has reason to believe that the reported exploit was due to complications related to importing accounts to and from @slope_finance," the company tweeted. "In the meantime, if any Phantom user has also installed another wallet, we recommend that you try moving your assets to a new non-Slope wallet with a fresh start phrase."
The English, Chinese, Japanese, Arabic, and French versions are automatically generated by the AI. So there may still be inaccuracies in translating, please always see Indonesian as our main language. (system supported by DigitalSiber.id)