- Slope Wallet has been identified as the conduit of yesterday’s Solana hack
- The project admitted that “a cohort” of its wallets was affected
- Solana said that all ransacked addresses had some form of contact with Slope Wallet
The Slope Wallet, one of the wallets affected by yesterday’s Solana hack, appears to be the conduit for the event that saw some $4.5 million worth of SOL and USDC stolen. While details remain unclear, what is known is that all the affected addresses were at one point connected to, or created in, the Slope mobile wallet. Slope released an update last night saying that it was still investigating the issue, but the community has already gathered the pitchforks against it.
8,000 Wallets Raided
Yesterday’s hack has made headlines in mainstream media outlets, which is rare for a hack of such a comparatively low dollar amount. Some 8,000 addresses were known to have been compromised, and the first suggestions are that code in the Slope wallet could have been the issue:
After an investigation by developers, ecosystem teams, and security auditors, it appears affected addresses were at one point created, imported, or used in Slope mobile wallet applications. 1/2
— Solana Status (@SolanaStatus) August 3, 2022
What’s particularly galling for some victims is that they might not have actually been using the Slope Wallet any more – if they used it at any point in the past, then they were fair game.
Slope Faces Community Backlash
Slope put out an official statement last night, in which it did not admit fault but acknowledged that “a cohort of Slope wallets were compromised in the breach”, adding that “we have some hypotheses as to the nature of the breach, but nothing is yet firm.”
It added that it was “actively conducting internal investigations and audits” and working with external security and audit groups, developers, security experts, and other protocols to rectify the issue. It also advised users to create a new Slope wallet address and seed phrase, which is optimistic at best.
Predictably, Slope users took to Twitter to vent their grief and anger at the wallet maker:
Same issue here. Wen refund?
— N3bula.SOL (@N3bulaCoin) August 3, 2022
i just want to know will you pay me from my losses. @slope_finance
— Hugo (@vvccrosswall) August 3, 2022
Slope promised it will provide further updates when more become clear, and with users already demanding refunds it will have to ensure it gets its community back onside quickly to avoid the potential of legal action against it.