Hacker Stole $4.1mil worth of Assets From Solana Hot-wallets

August 10, 2022

Darko Simunovski

Tokenpaddock.com content is written in English. Translations into other languages are automated and there may be minor text errors.

Choose Language: 

On 2nd of August, Solana owners reported that their funds were vanishing and by evening it became clear a hacker was draining millions from online wallets.

The cause of the hack is still under investigation and so is the extent of the damage, on 3rd August, the “Solana Status” Twitter account shared that the exploit seems to be tied to Slope wallets private key (or password) information for such wallets was inadvertently transmitted to an application monitoring service.

Security firms estimate that the hacker stole over $4.1 million worth of assets, including Solana’s native coin SOL, small number of non-fungible tokens (NFTs), and over 300 Solana-based tokens.

Over 9,230 Solana hot wallets were hacked in the attack that happened on 2nd of August, those hot wallets are Phantom, Slope, and Trust Wallet.

On 8th of August Solana status tweeted:

As always, hardware wallets are strongly encouraged for all blockchain users. Hardware wallets can remain secure even if the software wallet (or the entire computer) is compromised, since all verification occurs independently and the seed phrase never leaves the hardware wallet.

Day before yesterday Solana.com posted a blog called: 8/2/2022 Slope Wallet Incident Update.

If you are a user of Slope, or have ever previously imported seed phrases into Slope, your wallet may be compromised. Please take the steps outlined in the Mitigation section. During an investigation by developers, analytics companies, and security auditors, it appears that affected addresses were at one point created, imported, or used in the Slope wallet applications on iOS and Android (created and published by Slope Finance).

Private key material from these Slope users was inadvertently transmitted by the Slope app to an application monitoring service, but exactly how the hacker obtained or intercepted this information is still under investigation. No core code related to Solana Labs, the Solana Foundation, or anything related to Solana protocol itself was involved in this attack.

This was not a protocol-level vulnerability. However, all a user had to do to become vulnerable was import their seed phrase into the Slope app.

This is very good example that you can’t share your seed phrase with anyone, not even your hot wallet issuer, in this case Slope app.

Changing crypto to cash or vice versa for only 1.5%!

Be part of the crypto community and connect with like-minded people to exchange knowledge and experience.

Crypto Dive In
brings you closer to the world of cryptocurrencies!

???? The first digital crypto exchange in Macedonia

???? Buy and hold Bitcoin and other cryptocurrencies

???? Converting your crypto to currencies and vice versa

???? Physical or Virtual Card for purchases – ApplePay & GooglePay

???? Withdraw cash from select ATMs – NO FEES

???? Instant transfer of euros to over 180 countries – NO COMMISSION

???? From any location with just your mobile phone


Place your ads here:


3 Months/120€


Join Our Newsletter

Get the latest news in crypto world, analysis and more. We promise we wont spam.

Recent Posts