On August 9, Solana released an update on the slope wallet event on August 2: starting from 22:37 UTC on August 2, 2022 and lasting for about 4 hours, one or more malicious attackers stole 9231 wallets with a total value of about $4.1 million. The chain transaction shows that the private key of the affected wallet has been leaked and used to sign malicious transactions.
In the investigation of developers, analysis companies and security auditors, the affected addresses appear to have been created, imported or used in the slope wallet application (created and published by slope Finance) on IOS and Android. The private key data of these slope users was inadvertently transmitted to the application monitoring service by slope, but the way the hackers obtained or intercepted this information is still under investigation.
This attack does not involve the core code related to Solana labs, Solana foundation or any Solana protocol itself. This is not a protocol level vulnerability. This vulnerability seems to be isolated from a wallet provider that supports Solana and ETHereum addresses, but the affected users on other software wallets (such as phantom and solflare) may be the result of users' repeated use of mnemonic words generated or stored in slope.
At present, the authorities believe that this is not directly related to any specific wallet implementation other than slope. Since both ETHereum and Solana use bip39 mnemonic, any impact on users using Ethereum wallet may also be due to the repeated use of mnemonic words.
Any wallet generated from mnemonics that has never been imported (or used by slope wallet) is not affected. However, as long as users import their mnemonic words into the slope application, there is a risk of attack.
In addition, Solana officials also emphasize that users of slope wallet or users who have previously imported mnemonic words into slope may have their wallets stolen even if no assets are transferred. Therefore, it is suggested that:
-Generating a new mnemonic in another wallet application;
-Transfer all assets (token and NFT) to this new wallet;
-Give up using the old wallet address because it may be attacked.
Users should not reuse mnemonic derived wallets previously used in the slope mobile app.
