
Solana Wallet Hack - Millions Stolen, What We've Learned

James

More than $6 million was stolen and over 8000 wallets were affected in this latest Solana wallet hack.

Initially, the community thought the Solana chain itself was potentially vulnerable, or possibly a popular website with many connected wallets. Later, after the event had been reported on and additional funds had been stolen, the likely culprit was found to be Slope. Slope is a Solana wallet available for Chrome and mobile devices.

Who was impacted by the hack?

Users complained their funds were drained from multiple “hot” wallets including Phantom, Slope, and TrustWallet. 

Popular Solana-based wallet Phantom commented on the event, saying “reported exploits are due to complications related to importing accounts to and from Slope Finance”. This is a positive note for the Solana community, as Phantom is the most popular and largest of the wallets on the Solana chain.

Anyone who used a Slope wallet, or imported their seed phrase into the wallet, is potentially vulnerable. With over 8000 wallets affected by this incident, many users are hoping their funds will be returned to them. Even some Slope Wallet founders were among those with stolen funds.

How did wallets get hacked?

Slope is a “hot” wallet, one that’s connected to the internet, so it can directly interact with other online services. Users of the wallet can hold any coins available on the Solana network, such as USDC.

When a user creates a wallet, their seed phrase is sent to Sentry, Slope’s server for storing user seed phrases. The server storing this confidential information was doing so in plain text. This means anyone with access to Sentry would be able to take all the funds from any of the wallets on the platform.

It’s likely a third party was given access to Sentry and could see the private keys and mnemonic phrases. This led to a malicious actor stealing millions from the Slope users' wallets.
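A client-side scrubber of the kind that keeps seed phrases out of server-side storage, as an added example (not Slope's code). The names `scrub`, `SENSITIVE_KEYS` and the event layout are hypothetical, and the two patterns are heuristics for the shape of a BIP-39 phrase and a base58-encoded key.

```python
import re

# Field names whose values must never leave the device (assumed names).
SENSITIVE_KEYS = {"mnemonic", "seed", "seed_phrase", "private_key", "secret_key"}

# Heuristic: 12 or more consecutive lowercase words of 3-8 letters, the shape
# of an English BIP-39 phrase. It over-matches ordinary prose on purpose:
# losing a log sentence is cheaper than leaking a wallet.
MNEMONIC_RE = re.compile(r"\b(?:[a-z]{3,8}\s+){11,}[a-z]{3,8}\b")
# Heuristic: a long base58 run, the shape of an encoded 64-byte secret key.
BASE58_KEY_RE = re.compile(r"\b[1-9A-HJ-NP-Za-km-z]{80,90}\b")

REDACTED = "[REDACTED]"


def scrub(value, key=None):
    """Return a copy of a telemetry payload with wallet secrets removed."""
    if key is not None and str(key).lower() in SENSITIVE_KEYS:
        return REDACTED  # drop the whole value, whatever its type
    if isinstance(value, dict):
        return {k: scrub(v, k) for k, v in value.items()}
    if isinstance(value, (list, tuple)):
        return [scrub(v) for v in value]
    if isinstance(value, str):
        value = MNEMONIC_RE.sub(REDACTED, value)
        return BASE58_KEY_RE.sub(REDACTED, value)
    return value


# Constructed sample data: the public BIP-39 all-zero test vector and a
# made-up 88-character base58 string. Neither is a real wallet secret.
TEST_PHRASE = " ".join(["abandon"] * 11 + ["about"])
SAMPLE_EVENT = {
    "message": "wallet import failed for phrase: " + TEST_PHRASE,
    "extra": {"mnemonic": TEST_PHRASE, "network": "mainnet-beta", "retries": 2},
    "breadcrumbs": ["opened import screen", "key=" + "5J" * 44],
}

if __name__ == "__main__":
    print(scrub(SAMPLE_EVENT))
```

A filter like this runs on the device as the last step before an event is handed to any logging or error-reporting service, so the secret never reaches a server that could store it in plain text.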

Slope's Response to the Hack

They are cooperating with a leading blockchain intelligence firm, TRM Labs, to monitor the hacker's wallets. They are also trying to provide information regarding their security and the scope of the event.

Additionally, Slope is offering a 10% bounty to recover users' funds, and would like 90% returned. Unfortunately, as of writing this, more than 48 hours have passed since their tweet and there has been no mention of the crypto being returned.

Trust Problems in Crypto

This incident highlights one of the key issues with cryptocurrency. Without openness, and without users storing their own private keys, there will continue to be a trust issue. As they say, “Not Your Keys, Not Your Crypto”. The Solana ecosystem as a whole has had continued growth over the past months, and occurrences like these paint the blockchain in a negative light. They only hamper its growth.

How to Protect your Crypto and Keys

When it comes to securing your digital currency, it pays to be knowledgeable about the ways in which you can store your money. Slope is a “hot” wallet, as are many other popular wallets for the Solana chain, like Phantom, and any of them can potentially lose you your funds. The best way to store crypto that you won’t be using immediately is in a “cold” wallet. It ensures the wallet and keys have no connection to the internet, so only you have access to your crypto.

An alternative in situations like this is to send your cryptocurrency to a reputable exchange. If you don’t have a “cold” wallet on hand, it may take a few days to have one ordered and delivered to your door, so temporarily transferring crypto to a secure exchange is the next best option.