Solana devs trace the root cause of the exploit to Slope wallet

Solana team confirmed that all compromised addresses “were at one point created, imported, or used in Slope mobile wallet applications.”

When first reports of the attack on Solana-based wallets surfaced Tuesday night, researchers considered several possible versions of the incident, calling for the community to wait for the official announcement. But now evidence surfaced that wallet provider Slope was the one to blame for an $8 million hack.

The investigation carried out by Solana developers, ecosystem teams, and security researchers revealed that the private keys from all compromised wallets were “inadvertently transmitted to an application monitoring service” such as Slope. Previously, the group noted that they found no proof that the breach originated from a bug in Solana’s cryptography.

Slope Finance responded to the findings in an official statement, “We are still actively diagnosing, and are committed to publishing a full post mortem, earning back your trust, and making this as right as we can.” The company admitted that a cohort of its wallets were compromised in the exploit, but added that the exact cause of the breach still remains unknown.

“We have some hypotheses as to the nature of the breach, but nothing is yet firm,” the Slope team wrote in a Medium post. “We feel the community’s pain, and we were not immune. Many of our own staff and founders’ wallets were drained.”

However, some researchers believe that the incident occurred due to Slope logging users’ seed phrases on its centralized servers that could have been compromised.

Slope recommended users to create a new and unique seed phrase wallet and transfer all their assets to it. The company also assured everyone that hardware wallets haven’t been affected.

The team continues to work “with developers, security experts, and protocols from throughout the ecosystem to work to identify and rectify” the issue.