This article is more than 1 year old
Solana, Phantom blame Slope after millions in crypto-coins stolen from 8,000 wallets
SOL holders literally S.O.L.
Millions of dollars worth of Solana cryptocurrency and other tokens were stolen from seemingly thousands of netizens this week by thieves exploiting some kind of security weakness or blunder.
From what we can tell, and details are still light, somewhere between $4.5 million and $8 million in coins – including stablecoins USDC and USDT, and Solana's SOL – were taken from roughly 8,000 Slope and Phantom mobile app wallets.
Slope provides Android and iOS apps that act as wallets for people's crypto-assets, allowing them to send and receive coins. It is primarily aimed at the Solana ecosystem. Starting Tuesday, miscreants siphoned funds on a near industrial scale from people's Slope mobile wallets.
Phantom, meanwhile, also makes a Solana-focused mobile wallet for Android and iOS. Coins were drained from some of its users' mobile wallets, though the majority of stolen funds were pulled from Slope wallets. Phantom pointed the finger of blame toward Slope, suggesting a flaw in its technology or processes allowed some Phantom wallets to be emptied.
"Phantom has reason to believe that the reported exploits are due to complications related to importing accounts to and from Slope," it said Wednesday. "We are still actively working to identify whether there may have been other vulnerabilities that contributed to this incident."
Phantom is not the only one blaming Slope. The Solana Foundation, which steers the development of the cryptocurrency, on Wednesday said that "after an investigation by developers, ecosystem teams, and security auditors, it appears affected addresses were at one point created, imported, or used in Slope mobile wallet applications."
"Hardware wallets used by Slope remain secure," the foundation continued. "While the details of exactly how this occurred are still under investigation, private key information was inadvertently transmitted to an application monitoring service. There is no evidence the Solana protocol or its cryptography was compromised."
Essentially, the foundation is saying that somehow the private key info of people's Slope wallets, and wallets handled by Slope at some point, leaked out into the wild, and these were seized and used by crooks to hijack those funds and transfer it all away.
It's speculated the mnemonic phrases for users' wallets may have been sent by the apps in event logs to a Sentry service. If that's the case, someone who gained access to that logging service would have been able to obtain the phrases, which can be used to open people's wallets.
As Slope's documentation explains, "A mnemonic phrase, mnemonic seed, or seed phrase are defined as a secret group of words that represent a wallet. When used in the sequence, they allow access to the cryptocurrencies stored within.
"Your phrase must be kept secret, anyone who discovers it can steal your crypto."
The Solana Foundation had earlier stated: "Engineers from across several ecosystems, in conjunction with audit and security firms, continue to investigate the root cause of an incident that resulted in approximately 8,000 wallets being drained.
"This does not appear to be a bug with Solana core code, but in software used by several software wallets popular among users of the network."
We feel the community's pain, and we were not immune. Many of our own staff and founders' wallets were drained
Slope, meanwhile, issued a statement, confirming "a cohort of Slope wallets were compromised."
"We have some hypotheses as to the nature of the breach, but nothing is yet firm," it added. "We feel the community's pain, and we were not immune. Many of our own staff and founders' wallets were drained."
While hardware wallets' keys "have not been compromised," according to Slope, the wallet provider urged all of its users to "create a new and unique seed phrase wallet, and transfer all assets to this new wallet."
"Again, we do not recommend using the same seed phrase on this new wallet that you had on Slope," the outfit added.
Solana provides a relatively high-speed blockchain whose SOL digital token ranks as one of the larger cryptocurrencies.
- How a crypto bridge bug led to a $200m 'decentralized crowd looting'
- Robinhood's crypto unit hit with $30m fine over security, anti-crime misses
- More than $100m in cryptocurrency stolen from blockchain biz
- Crypto exchange Kraken reportedly hunted by the Feds for alleged sanctions busting
Solana declined to put a dollar amount on the stolen tokens, though third-party analytics firms and researchers have estimated losses ranging from $4.5 million to at least $5.8 million to all the way up to $8 million.
But even for users whose tokens weren't stolen in the attack, the snafu sent SOL's value tumbling during a week in which the hits keep on coming for cryptocurrency fans and orgs.
The Slope security breach happened a day after a "chaotic" hack hit bridge service Nomad, resulting in about a $200 million loss in what has been described as a "decentralized crowd looting."
And on Monday, following a $30 million fine for violating New York's anti-money-laundering and cybersecurity regulations, Robinhood CEO Vlad Tenev announced he was cutting staff by 23 percent, or about 900 people. ®