Slope Finance appears to be the source of the Solana mining that has affected thousands of users. Wallet owners are advised to transfer funds immediately from Slope imported wallets.
Solana crashed due to Slope wallet
As was updated in an earlier Coincu News article, on August 3, Solana experienced a security attack that affected over 8000 wallets of the platform and the damage is estimated at around $580 million.
Finally, details about the genesis of the exploit are becoming public. Wednesday night, Slope released a statement recommending all wallet owners to transfer any cash in wallets imported into Slope. The warning expanded on the advice to state that it does “not recommend using the same seed phrase on this new wallet that you had on Slope.”
Fantom wallet hinted at by the platform as the source of the incident has also been confirmed “complications related to importing accounts to and from Slope Finance“.
In the Twitter thread, the Solana Foundation revealed that “private key information was inadvertently transmitted to an application monitoring service“.
What’s remarkable in a tragic story is that the problem doesn’t appear to be a blockchain or seeding issue. A flaw in the cryptographic proofs of the Solana blockchain could have a devastating impact on the entire cryptocurrency ecosystem. However, this appears to be no longer on the tokens, and the Solana Foundation asserts that “there is no evidence that the Solana protocol or its cryptography has been compromised.”
In a log screenshot from Moon Rank NFT, Foobar highlighted the possibility of including private keys and memorable phrases in the Slope API call. While the POST request appears to have been sent over SSL encryption, the fact that a root phrase is included is a cause for concern. One possible cause is a man-in-the-middle attack, where a malicious actor can overhear communications between two parties to steal sensitive information.
Binance founder and CEO, CZ, has also now recommended all users who have used wallets on Slope Finance move funds to a fresh wallet or to Binance if you do not understand the words “private key or seed phrase.”
Fortunately, the total stolen assets included an illiquid Shitcoins, worth $570 million on Solscan. Therefore, the actual amount of money that was temporarily stolen was less than $10 million.
DISCLAIMER: The Information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.
Join CoinCu Telegram to keep track of news: https://t.me/coincunews