Solana is recovering after a vulnerability was found in a third-party service
For Solana users, the last 24 hours have been full of anxiety, as social media was flooded with posts about blockchain-based wallets being hacked and no official comments being given. Phantom and Slope wallet users most frequently reported losing money, which was initially perceived as a problem with the network. Later on, it turned out that no one among those who had lost funds had generated a seed phrase using Phantom.
Solana's investigation found that the exploit compromised private keys generated by Slope. A Slope spokesman first told reporters that the service didn't store any personal data on a centralised service but later admitted the statement was incorrect.
According to Phantom's developers, the exploit is probably due to a lack of security in the Slope account import/export service, so a number of users have accused Slope of storing keys on a centralised service in plain text.
The audit company Zellic conducted its own investigation and got to the bottom of the leak, concluding that the Slope team hadn't properly configured the Sentry service, making the keys available to intruders.
After getting to the bottom of the circumstances surrounding the data leak, Slope's developers suggested that customers create a new wallet to transfer funds by generating a different unique phrase. Moreover, the Phantom team advised users to urgently transfer funds to a wallet not affiliated with Slope.
Slope-affiliated accounts that haven't updated their keys are still at risk of attack, with the number of affected individuals rising to 9,000. However, it's a small share of the total number of Solana-based wallets, which numbers 25 million. SOL recovered from yesterday's shocks as the risk of blockchain problems retreated.
StormGain Analytics Team
(crypto trading, exchange and storage platform)