Following the recent news that more than 9,000 hot wallets holding Solana cryptocurrency (SOL) were compromised, the developers of this particular blockchain are now saying the Slope wallets are actually to blame.
Numerous Solana users started to notice that their hot wallets had been compromised. Some $6 million worth of tokens have been stolen so far from the wallets. Affected users had hot wallets and seem to be primarily mobile users.
Hot wallets are always online, and the keys are stored in a centralized solution. While this gives users instant access to their funds, it also opens up several security issues. Initially, Solana developers said nothing about the breach, but after some investigating, they stated that the Solana blockchain was not to blame.
“After an investigation by developers, ecosystem teams, and security auditors, it appears affected addresses were at one point created, imported, or used in Slope mobile wallet applications,” said the Solana devs on Twitter.
“This exploit was isolated to one wallet on Solana, and hardware wallets used by Slope remain secure. While the details of exactly how this occurred are still under investigation, but private key information was inadvertently transmitted to an application monitoring service. There is no evidence the Solana protocol or its cryptography was compromised,” they added.
Several developers on Twitter accused Slone of storing encryption keys in plain text on a centralized server, but Slope denied it. The wallet devs also issued a statement admitting that the attack had affected a “cohort” of wallets. They have yet to confirm the true nature of the breach.
Slope advised its users to create a new and unique seed phrase wallet and transfer all assets to this new wallet. Reusing the exact seed phrase is not advisable. Owners of hardware wallets remain safe.