{"id":480956,"date":"2022-08-04T05:22:14","date_gmt":"2022-08-04T02:22:14","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/slope-wallets-blamed-for-solana-based-wallet-attack\/"},"modified":"2022-08-04T05:22:14","modified_gmt":"2022-08-04T02:22:14","slug":"slope-wallets-blamed-for-solana-based-wallet-attack","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/slope-wallets-blamed-for-solana-based-wallet-attack\/","title":{"rendered":"# Slope wallets blamed for Solana-based wallet attack"},"content":{"rendered":"<h1>Slope wallets blamed for Solana-based wallet attack<\/h1>\n<div class=\"post-content\" data-v-28d77a7a><p>As the dust settles from yesterday\u2019s Solana ecosystem mayhem, data is surfacing that wallet provider Slope is largely responsible for the security exploit that stole crypto from thousands of Solana users.<\/p>\n<p>Slope is a Web3 wallet provider for the Solana layer-1 (L1) blockchain. Through the Solana Status Twitter account on Aug. 3, the Solana Foundation pointed the finger at Slope, stating that \u201cit appears affected addresses were at one point created, imported, or used in Slope mobile wallet applications.\u201d<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">After an investigation by developers, ecosystem teams, and security auditors, it appears affected addresses were at one point created, imported, or used in Slope mobile wallet applications. 
1\/2<\/p>\n<p>\u2014 Solana Status (@SolanaStatus) <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/SolanaStatus\/status\/1554921396408647680?ref_src=twsrc%5Etfw\">August 3, 2022<\/a><\/p><\/blockquote>\n<p>Solana co-founder Anatoly Yakovenko also linked Slope wallets to the hack on his personal Twitter account. He advised users to <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/aeyakovenko\/status\/1554936705924272130\">regenerate<\/a> a seed phrase from a service other than Slope as soon as they can. He also told an affected user to \u201cStart practicing the cold\/hot wallet separation.\u201d<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">Attacker is lazy at driving all the paths.  A bunch of phantom users only saw their slope addresses get drained.  I would advise anyone that touched slope to regenerate their seed phrase in a different wallet asap.<\/p>\n<p>\u2014 SMS aey.sol,  (@aeyakovenko) <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/aeyakovenko\/status\/1554936705924272130?ref_src=twsrc%5Etfw\">August 3, 2022<\/a><\/p><\/blockquote>\n<p>The Solana-based wallet exploits first surfaced on Aug. 2, after community members began reporting that their crypto wallets were being drained of their Solana (SOL) and other tokens. 
It is estimated that\u00a0<a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/beta-analysis.solscan.io\/public\/dashboard\/ffaf8155-1d6f-4ec7-96db-2e8e8bc5c160\">roughly<\/a> $8 million in crypto was stolen from nearly 8,000 wallets.<\/p>\n<p>Through its investigation, the Solana Foundation determined that the private keys for each of the wallets compromised in the exploit were \u201cinadvertently transmitted to an application monitoring service\u201d such as Slope.<\/p>\n<p>It added that there was no evidence to suggest the Solana protocol or its cryptography was at risk from the attack.<\/p>\n<p>Some <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/0xfoobar\/status\/1554904067411001346\">reports<\/a> suggest that Slope may have logged user seed phrases on its centralized servers. The servers could have been compromised, leaking seed phrases that a hacker could use to execute transactions.<\/p>\n<p>Earlier reports on the day of the attack said that users of Slope and Phantom <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/0xfoobar\/status\/1554904067411001346\">hot wallets<\/a> were being targeted, leading many to believe there could be a broader issue with the Solana protocol. However, further analysis shared by Solana\u2019s head of communications Austin Federa\u00a0<a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/Austin_Federa\/status\/1554935018094530560\">found<\/a> that the problem was isolated to just hot wallets.<\/p>\n<p>Federa said that while 60% of the victims of the attack were Phantom users, those affected did not generate their seed phrase using Phantom.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">We spun up a Typeform to collect data and the results were clear \u2013 of those drained ~60% were Phantom users and 40% Slope users. 
But after extensive interviews and requests to the community, we couldn&#8217;t find a single Phantom-forever user who had their wallet drained<\/p>\n<p>\u2014 Austin Federa | sms (@Austin_Federa) <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/Austin_Federa\/status\/1554935018094530560?ref_src=twsrc%5Etfw\">August 3, 2022<\/a><\/p><\/blockquote>\n<p>Slope issued a <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/docs.google.com\/document\/d\/1zdm2KMW2g6JYHsdmSe8zDs56l4NfL-MaQ7nIbV9ohc8\/edit\">statement<\/a> on Wednesday addressing the status of its ongoing investigation into the incident, confirming that \u201cA cohort of Slope wallets were compromised in the breach,\u201d including some belonging to its own staff.<\/p>\n<p>The team urged users of Slope wallets to generate a new unique seed phrase and transfer all funds to it rather than keeping any funds on old wallets, which could still be exploited later on. The Phantom team stepped up the <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/phantom\/status\/1554918071306952704\">warning<\/a> by advising users to move their assets to a new non-Slope wallet.<\/p>\n<figure><img decoding=\"async\" src=\"https:\/\/s3.cointelegraph.com\/uploads\/2022-08\/de345e27-4509-4857-998a-2f518ee4de10.PNG\"><\/figure>\n<\/div>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/cointelegraph.com\/news\/slope-wallets-blamed-for-solana-based-wallet-attack\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8221; Slope wallets blamed for Solana-based wallet attack &#8220; As the dust settles from yesterday\u2019s Solana ecosystem mayhem, data is surfacing that wallet provider Slope is largely responsible for the security exploit that stole crypto from thousands of Solana users. Slope is a Web3 wallet provider for the Solana layer-1 (L1) blockchain. 
Through the Solana&#8230;<\/p>\n","protected":false},"author":1,"featured_media":480957,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/images.cointelegraph.com\/images\/1200_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjItMDgvYTgwNzYwNTMtOTgzZC00ZTcwLTkyZGUtNDg5YTg5YTEwNTcwLmpwZw==.jpg","fifu_image_alt":"","footnotes":""},"categories":[1],"tags":[74868,74882,89871,92498,74879,93542,117,70944],"class_list":["post-480956","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-defi","tag-hacks","tag-hot-wallet","tag-solana","tag-wallet","tag-web3","tag-business","tag-hackers"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/480956","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=480956"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/480956\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/480957"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=480956"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=480956"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=480956"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}