The multi-million Solana crypto hack, that drained more than 8,000 wallets worth around $8 million, has been linked to accounts tied with the Slope mobile wallet app.
Slope Finance said in a statement that a cohort of Slope wallets were compromised in the breach, advising users to create “a new and unique seed phrase wallet, and transfer all assets to this new wallet.”
“We have some hypotheses as to the nature of the breach, but nothing is yet firm. We feel the community’s pain, and we were not immune. Many of our own staff and founders’ wallets were drained,” the company said late on Thursday.
Solana is a high-performance Blockchain supporting builders around the world creating crypto apps that scale.
Solana said that after an investigation by developers, ecosystem teams, and security auditors, “it appears affected addresses were at one point created, imported, or used in Slope mobile wallet applications”.
This exploit was isolated to one wallet on Solana, and hardware wallets used by Slope remain secure.
“While the details of exactly how this occurred are still under investigation, but private key information was inadvertently transmitted to an application monitoring service,” Solana said in a tweet.
There is no evidence the Solana protocol or its cryptography was compromised, it added.
The attack affected “hot” wallets which are always connected to the internet, allowing people to store and send tokens easily.
The attack also compromised other wallets including Phantom, Solflare and TrustWallet.
Phantom, a Solana-based wallet that hit $1.2 billion in valuation earlier this year, said it’s “working closely with other teams to get to the bottom of a reported vulnerability in the Solana ecosystem.”
“At this time, the team does not believe this is a Phantom-specific issue,” the wallet developer said.
The attack on Solana came as cryptocurrency service Nomad suffered a “chaotic” attack, with hackers draining almost $200 million in digital funds from the company within a few hours.