The closed-source Slope wallet may be to blame for an ongoing exploit that has seen millions of dollars’ worth of cryptocurrency tokens stolen from more than 9,000 hot wallets, according to developers behind the Solana blockchain.
On the second day of the exploit, the Solana Foundation’s Twitter account is blaming the wallets' software, and not its own code, for the attack, which has resulted in at least $6 million in various tokens being stolen from users of the Slope and Slope-tied Phantom wallets.
The network stated in a tweet on Wednesday morning that the issue does not appear to be a flaw in Solana's core code, but in software used by numerous software wallets popular among users of the network.
The stolen money was withdrawn from unsuspecting users' hot wallets, whose keys are stored online rather than on a hardware device.
The Slope developers issued a statement in which they said that “a cohort” of wallets had been hacked, but they made no mention of any potential involvement of their private key storage procedures. A Slope spokesman said that they do not save any personal data on centralised servers, a statement that they themselves later admitted was false.
The creators of the Phantom wallet responded by saying they have reason to think the reported exploits are related to difficulties with importing accounts to and from Slope.
Anatoly Yakovenko, CEO of Solana Labs, first stated that he believed the breach might be related to a problem with the Apple iOS supply chain, but he has subsequently focused on a Slope-related exploit as the source.
So far seems like phantom users also used slope. So seems more likely that this is a slope specific bug.
— SMS aey.sol, 🇺🇸 (@aeyakovenko) August 3, 2022
When a bad actor inserts their own harmful code into the software of a larger system, it is known as a supply chain attack. In this case, an iOS supply chain attack would probably involve a hacker gaining access to private keys through the compromise of data that is connected to the internet.
A growing number of programmers are asserting on Twitter that they think Slope kept private keys in plain text on a centralised server that was accessed by the attacker.
While no specific plan of retaliation has been announced, several users and organisations have used Twitter to gather information from the victims of the attack. The 9,000 drained wallets represent a very minor portion of the 25 million Solana hot wallets in existence.