A day after the exploit that saw over 8,000 wallets get drained of around $6 million in Solana and USDC, developers for the Solana blockchain are saying that the closed-source Slope wallet might be responsible.
Anatoly Yakovenko, CEO of Solana Labs, previously believed the exploit to be linked to an iOS supply chain issue, but further investigation has revealed the issue to be Slope related.
Several developers have voiced their concerns on Twitter, stating that they believe Slope was storing private keys as plaintext on a centralised server, which the attacker later compromised to carry out the exploit. The Solana Foundation has also blamed Slope for the attack, saying that they didn’t find any bugs in the Solana core code “but in software used by several software wallets popular among users of the network”.
The Solana Foundations’ preliminary investigations found that all affected wallets were created, imported or used in Slope mobile wallet applications at some point. As it turns out, Sentry, a third-party event logging platform connected to Slope, was logging app actions on any interactions. Slope hadn’t configured Sentry to wipe any sensitive information and hence, private keys were leaked to Sentry, which could likely be the cause of the exploit.
Slope did issue a statement saying several wallets were compromised; however, it didn’t confirm whether or not their private key storage practices were involved. The company is currently conducting internal investigations and audits and working with “developers, security experts, and protocols from throughout the ecosystem” to identify and possibly fix the issue.
As for the Phantom wallet, developers believe that the exploit happened due to complications related to importing accounts to and from Slope. That said, Phantom itself is looking for other vulnerabilities that may have contributed to the exploit.
Someone who writes/edits/shoots/hosts all things tech and when he’s not, streams himself racing virtual cars. You can reach out to Yadullah at [email protected], or follow him on Instagram or Twitter.