Crypto Twitter user and crypto developer Foobar tweeted a screenshot of MITM logs from Moon Rank NFT, showing the possibility that Slope may have logged user seed phrases on its centralised servers, which could have been compromised, leaking seed phrases to malicious hackers.
Phantom also responded to the exploit claiming that it “has reason to believe that the reported exploits are due to complications related to importing accounts to and from Slope finance” as some Phantom wallets were also drained of their SOL and tokens in the attack.
Earlier reports of the attack said that the users of Slope and Phantom hot wallets were being targeted, causing the community to believe that there might be something wrong with the Solana protocol. Solana’s head of communications, Austin Fedora, soon responded by stating that the problem was just isolated to hot wallets.
The Solana Status Twitter account said that “it appears affected addresses were at one point created, imported, or used in Slope mobile wallet applications”. And it soon added that “there is no evidence the Solana protocol or its cryptography was compromised”.
Slope issued an official statement addressing the exploit and the status of the ongoing investigations, including its efforts in working with internal and external investigation and audit groups.
It stated that “a cohort of Slope Wallets were compromised in the breach” and further advised all Slope users to transfer all assets to a new and unique seed phrase wallet. But it also reassured hardware wallet users that their private keys have not been compromised.
This security vulnerability impacting the Solana ecosystem has reportedly seen at least $8 million in SOL, SPL and other tokens drained from nearly 8000 wallets.