Earlier this week, thousands of cryptocurrency wallets connected to the Solana ecosystem were compromised by attackers who used the owners’ private keys to steal Solana (SOL) and USD Coin (USDC). Solana said today that after an investigation by “developers, ecosystem teams and security auditors,” it linked the attack to accounts connected to the Slope mobile wallet. A chart created by Dune to track the attacks puts the amount of stolen cryptocurrency at just over $4 million, taken from over 9,000 unique wallets. Slope Finance, which calls itself “the easiest way to discover web3 apps from a safe place,” released a statement advising all Slope users to “create a new and unique seed phrase and bring all assets to the new wallet.” The blog post said that “many” wallets belonging to Slope employees were also drained, but noted that hardware wallets (also known as cold wallets, which are not connected to the Internet) were not affected.
Slope did not provide details on how the attack occurred, but outsiders discovered evidence that the company’s mobile apps were sending users’ private keys unencrypted as part of their logging and telemetry. In a tweet, the Solana team said: “The details of how exactly this happened are still under investigation, but the private key information was accidentally sent to the application monitoring service.” The company added: “There is no evidence that Solana’s protocol or its cryptography has been compromised.” Some Solana users depositing funds into third-party wallets operated by Phantom were also affected, but Phantom itself laid the blame for the breach firmly at Slope’s door. “Phantom has reason to believe that the reported exploits are related to complications with importing accounts to and from @slope_finance,” the company said on Twitter. “In the meantime, if there are Phantom users who have other wallets installed, we recommend that you try transferring your assets to a new non-Slope wallet with the new seed set.”
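The failure described above, key material leaving the device inside logging and telemetry, is the kind of leak a client-side scrubber run on every event before it reaches the monitoring service is meant to catch. The following Python sketch is an added example, not code from Slope, Solana or Phantom. The key names, the event layout and both patterns are assumptions chosen for illustration, and the sample event is constructed.

```python
import re

# Field names treated as secret-bearing (assumed list; extend per application).
SENSITIVE_KEYS = {"mnemonic", "seed", "seed_phrase", "private_key", "secret_key"}
# Heuristic: 12-24 lowercase words of 3-8 letters, the shape of a seed phrase.
# It deliberately over-matches: losing a log sentence is cheaper than leaking a key.
MNEMONIC_RE = re.compile(r"\b(?:[a-z]{3,8}\s+){11,23}[a-z]{3,8}\b")
# Heuristic: a long base58 run, the shape of an encoded 64-byte keypair.
BASE58_KEY_RE = re.compile(r"\b[1-9A-HJ-NP-Za-km-z]{80,90}\b")
REDACTED = "[REDACTED]"


def scrub_text(text):
    """Redact anything in free text that looks like a seed phrase or encoded key."""
    text = MNEMONIC_RE.sub(REDACTED, text)
    return BASE58_KEY_RE.sub(REDACTED, text)


def scrub_event(value, key=None):
    """Return a redacted copy of a telemetry event; the input is not modified."""
    if key is not None and str(key).lower() in SENSITIVE_KEYS:
        return REDACTED  # drop the whole value, whatever its type
    if isinstance(value, dict):
        return {k: scrub_event(v, k) for k, v in value.items()}
    if isinstance(value, (list, tuple)):
        return [scrub_event(v) for v in value]
    if isinstance(value, str):
        return scrub_text(value)
    return value


# Constructed sample event: a phrase in the message, a key in a named field,
# and a key-shaped string in a breadcrumb.
SAMPLE_EVENT = {
    "level": "info",
    "message": "wallet imported: " + " ".join(["abandon"] * 11 + ["about"]),
    "extra": {"private_key": "x" * 10, "screen": "ImportWallet", "attempt": 2},
    "breadcrumbs": ["tap ImportButton", "key=" + "3" * 88],
}

if __name__ == "__main__":
    print(scrub_event(SAMPLE_EVENT))
```

Pattern matching of this kind is a backstop; the primary control is never passing key material to logging calls in the first place.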