Solana and Slope Confirm Wallet Security Breach
The two projects said that they are still investigating today's attack, but confirmed that the incident affected Slope, a third-party wallet for Solana.
- Solana has confirmed that addresses affected by today's security breach were created or used within the Slope wallet.
- Slope also published an official statement on the situation, noting that it will provide a full postmortem in the future.
- Full details of the attack are still under investigation.
Share this article
The Solana Foundation and Slope have provided additional information on a security breach that affected thousands of wallets today.
Solana Confirms Wallet Breach
The Solana Foundation has published new details about today’s attack.
Earlier, nearly 8,000 addresses were drained through what was believed to be a breach of the third-party wallet app Slope.
This afternoon, the Solana Foundation confirmed on the Solana Status Twitter account that the addresses affected by the attack “were at one point created, imported, or used in Slope mobile wallet applications.”
It added that private key information was accidentally transmitted to an application monitoring service. It said that further details “are still under investigation.”
The attack only affected Slope’s downloadable wallet app; Slope hardware wallets are still secure. Though thousands of wallets were drained, the Solana Foundation added that the Solana protocol itself remains secure.
Slope also commented on the situation. It said that a “cohort” of Slope wallets were compromised and confirmed that several of its own staff wallets were drained.
Slope said that it had not confirmed the nature of the attack. “We have some hypotheses as to the nature of the breach, but nothing is yet firm,” Slope said in its official statement. It committed to publishing a full post-mortem in the future.
The company also suggested that users take action to secure their funds. It advised users to create a new seed phrase and wallet and transfer their funds to that wallet.
Both companies say that they are performing internal investigations and working with external auditors.
Various other individuals within the Solana ecosystem provided information and speculated on the attack earlier today.
Disclosure: At the time of writing, the author of this piece owned BTC, ETH, and other cryptocurrencies.