Multimillion-dollar Solana crypto theft linked to Slope mobile wallet

0

Earlier this week, thousands of crypto wallets connected to the Solana ecosystem were drained by attackers who used owners’ private keys to steal both Solana (SOL) and USD Coin (USDC). Solana now says that, after an investigation “by developers, ecosystem teams, and security auditors,” it’s linked the attack to accounts tied to the Slope mobile wallet app.

A chart set up on Dune to track the attacks tallies the amount of crypto stolen at just over $4 million, taken from over 9,000 unique wallets.

Slope Finance, which calls itself “the easiest way to discover web3 applications from one secure place,” has issued a statement advising all Slope users to create “a new and unique seed phrase wallet, and transfer all assets to this new wallet.” The blog post says “many” wallets belonging to Slope staff were also drained but notes that hardware wallets (also known as cold wallets, which are not connected to the internet) were unaffected.

Slope did not provide details of how the attack happened, but outsiders have uncovered evidence that the company’s mobile apps were transmitting users’ private keys unencrypted as part of their logging and telemetry.

In a tweet, the Solana group said, “The details of exactly how this occurred are still under investigation, but private key information was inadvertently transmitted to an application monitoring service.” The company added: “There is no evidence the Solana protocol or its cryptography was compromised.”

Some Solana users keeping funds on wallets operated by third-party Phantom were also affected, but Phantom itself has placed blame for the breach firmly at Slope’s doorstep.

“Phantom has reason to believe that the reported exploits are due to complications related to importing accounts to and from @slope_finance,” the company tweeted. “In the meantime, if any Phantom users have also installed other wallets, we recommend you try to move your assets to a new non-Slope wallet with a fresh seed phrase.”

FOLLOW us ON GOOGLE NEWS

 

Read original article here

Denial of responsibility! TechCodex is an automatic aggregator of the all world’s media. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials, please contact us by email – [email protected]. The content will be deleted within 24 hours.

Leave a comment

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More