SOL Hack Update: Exploit Allegedly Tied To A Slope Finance Bug; Slope Reacts

Pandemonium spread within the crypto community from the early hours of August 3 till the close of the day, due to the multimillion dollar hack that drained over $6 million from most Solana users’ wallets.

Solana was understandably blamed for the exploit, despite limited information on the nature of the mechanism employed. However, an update on the matter has allegedly disclosed that Solana shares no blame in the exploit, revealing that software bugs emanated from a third party wallet provider.

Solana revealed there was no bug in its core code

Amidst the commotion pumped into the space, Solana revealed that there appears to be no bug in the network’s core code, in a tweet a few hours after the hack was brought to light, highlighting that the exploit might have had to do with third party wallet applications. This conclusion came after an investigation was made on the matter.

Shortly after the previous update, with more information coming to limelight, Solana disclosed that the addresses impacted used Slope wallet applications at some point. However, it was noted that Slope hardware wallets were not affected, fueling the already established belief that cold wallets are preferable to hot wallets in terms of security.

“While the details of exactly how this occurred are still under investigation, but private key information was inadvertently transmitted to an application monitoring service,” SolanaStatus (@solanastatus) added, “there is no evidence the Solana protocol or its cryptography was compromised.”

Slope allegedly stored users’ private key information in plain text

Following the series of investigations that disclosed Slope Finance’s unique involvement in the exploit, the platform released a statement highlighting facts that had been established on the matter and actions the team is taking to ensure core points of weakness are identified and rectified.

As previously reported, a large amount of Phantom wallets were also compromised in the hack. Addressing the issue, Phantom said that the Phantom addresses affected had been imported to and from Slope.

Slope admitted that a sizable amount of wallets on the platform was impacted in the hack. The platform mentioned that they have a theory as to what caused the attack, but “nothing is yet firm,” also stating that its staff and founders’ wallets were affected as well.

Unconfirmed reports suggest that the exploit originated from Slope’s security negligence. Developers on Twitter mentioned that Slope allegedly stored users’ private keys in plain text at some point which were inadvertently sent to an app monitoring service.