As reported by Voice Of Crypto, the Solana network on August 3 experienced a serious security incident, causing about 8,000 wallets to be compromised and withdrawn. Since the hacker did not attack the smart contract of any project, the vulnerability is believed to have originated from an affected wallet project, which includes Phantom, Slope, and Trust Wallet.
After gathering information from affected users to determine the common ground, Solana decided that the cause of the attack originated from the Slope wallet.
Solana announced this discovery in a Twitter thread, stating that there is no evidence that the Solana protocol or its cryptographic aspect has been compromised. It further revealed:
"Following investigation by developers and security experts in the ecosystem, it appears that the affected addresses at some point created, imported, and used wallet-related applications. Crypto Slope.
This vulnerability only affects one Solana wallet, and Slope's other hardware wallets remain secure. While the exact cause is still being determined, the private key information may have been accidentally passed on to an application monitoring service."
A representative of Slope wallets also shared information about what happened, admitting that a group of Slope wallets was affected in the attack and that they are likely the source. Slope also advised users to create a new wallet and transfer assets there. They also asked them not to reuse the old wallet or the old seed phrase.
Many crypto users, from the revelations of Solana and Slope, tried to trace the attack and discovered that Slope had inadvertently sent seed phrases to 3rd party partners. Accordingly, the error section zoned around the scope of Sentry – a toolkit that helps programmers find bugs and redeploy programs faster.
However, ironically, this is the part that "logs" (records) the mnemonic keywords from the user's wallet and sends it to the server of Solana wallets, from which it is revealed to the hacker. It is not clear why this Slope wallet implements the above "log" operation.
After finding the cause, FTX CEO Sam Bankman-Fried commented that Solana is currently the most underrated crypto project at the moment, comparing the damage of the recent crash (about $6 million) with the $190 million Nomad cross-chain bridge attack that took place one day earlier.
The SOL price has yet to show any signs of recovering from yesterday's dump because of rumors that the vulnerability could spread to the entire network.
At the beginning of June, the SOL network also experienced an issue that resulted in a blockchain outage lasting more than 4 hours. That is the 4th time Solana has "collapsed" in 2022 alone.