All affected wallets are confirmed to have been created or used in the Slope wallet mobile app.
The developers behind the Solana blockchain say the closed-source Slope wallet could be responsible for the ongoing exploit that led to the theft of millions of dollars worth of crypto tokens from over 9,000 hot wallets.
On the second day of the exploit, which led to at least $6 million in various tokens being stolen from users of Slope and of Phantom wallets tied to Slope, the Twitter account run by the Solana Foundation blamed the wallet's software, not its own code, for the attack.
“This does not appear to be a bug with the Solana core code, but rather in the software used by several software wallets that are popular among network users,” the network said in a tweet Wednesday morning.
The stolen funds were withdrawn from unsuspecting hot wallets, which are wallets whose keys are stored online and not on a hardware device.
In a statement, Slope developers said “a group” of wallets was compromised, but the developers did not confirm whether private key storage operations could be involved. A representative of Slope told CoinDesk, “we do not store any personal data on a centralized server.” (The rep later admitted that this was an incorrect statement.)
For their part, Phantom wallet developers said they have “reason to believe that the reported exploits are due to the complexities involved in importing accounts to and from Slope.”
Solana Labs CEO Anatoly Yakovenko initially tweeted that he suspected the exploit might be related to Apple’s iOS supply chain problem, but later narrowed the source down to an attack on Slope's centralized servers, where private keys could have been stored in plain text.
A supply chain attack is when a bad guy injects his own malicious code into the software of a larger system. In this case, an iOS supply chain attack could be an attacker gaining access to private keys by breaking into internet-connected data.
Other developers on Twitter increasingly say they believe Slope has stored private keys in plain text on a centralized server, which has been compromised by an attacker.
An on-chain monitor later revealed that Sentry, a third-party event logging platform connected to Slope, was doing just that.
A number of users and organizations have used Twitter to gather information from victims of the exploit, although no punishment plans have been put in place. The 9,000 withdrawal wallets represent only a fraction of the 25 million Solana hot wallets in existence.