pull down to refresh

⚠️Slope wallets blamed for Solana-based wallet attack⛔
20 sats \ 7 comments \ @simple 4 Aug 2022 bitcoin

-Solana Status(@SolanaStatus)

After an investigation by developers, ecosystem teams, and security auditors, it appears affected addresses were at one point created, imported, or used in Slope mobile wallet applications. 1/2
This exploit was isolated to one wallet on Solana, and hardware wallets used by Slope remain secure.While the details of exactly how this occurred are still under investigation, but private key information was inadvertently transmitted to an application monitoring service. 2/3
There is no evidence the Solana protocol or its cryptography was compromised. 3/3
write
preview
related posts
0 sats \ 2 replies \ @Creamlike8624 4 Aug 2022
proof of stake
reply
0 sats \ 1 reply \ @simple OP 4 Aug 2022
what you mean??
reply
0 sats \ 0 replies \ @Creamlike8624 5 Aug 2022

I mean Solona is very centralized with proof of stake, the reason of attack is centralization

reply
0 sats \ 0 replies \ @happy 4 Aug 2022

Solana is heavily centralized.

reply
0 sats \ 2 replies \ @simple OP 4 Aug 2022

-Solana Co-founder Anatoly Yakovenko

Attacker is lazy at driving all the paths. A bunch of phantom users only saw their slope addresses get drained. I would advise anyone that touched slope to regenerate their seed phrase in a different wallet asap.
reply
0 sats \ 1 reply \ @simple OP 4 Aug 2022

-Solana's head of communications Austin Fedora

We spun up a Typeform to collect data and the results were clear – of those drained ~60% were Phantom users and 40% Slope users. But after extensive interviews and requests to the community, we couldn't find a single Phantom-forever user who had their wallet drained
There's a lot more to go into about the actual vulnerability, but work is still ongoing at this point. https://t.co/pXeWbanveB
There's far too many people to tag, but something all of CT should know is, in a moment potentially catastrophic crisis people who sometimes snipe on Twitter rolled up their sleeves and got to work.
The investigations are ongoing, and I can't stress enough the importance of creating a new seed phrase in a non-slope wallet, and moving any assets you have in a Slope hot wallet over. Then go buy a hardware wallet.
And what about the ETH users drained? Turns out, they'd been using their Solana BIP39 phrase in Ethereum, too! So the hacker inadvertently was able to access assets stored on ETH. From the outside, it was indistinguishable from a supply chain attack.
reply
0 sats \ 0 replies \ @simple OP 4 Aug 2022

-Phantom Team @phantom

1/ Phantom has reason to believe that the reported exploits are due to complications related to importing accounts to and from @slope_finance. We are still actively working to identify whether there may have been other vulnerabilities that contributed to this incident.
2/ In the meantime, if any Phantom users have also installed other wallets, we recommend you try to to move your assets to a new non-Slope wallet with a fresh seed phrase.
reply