Slope wallets blamed for Solana-based wallet attack

cointelegraph.com:

As the dust settles from yesterday’s Solana ecosystem mayhem, data is surfacing that wallet provider Slope is largely responsible for the security exploit that stole crypto from thousands of Solana users.

Slope is a Web3 wallet provider for the Solana layer-1 (L1) blockchain. Through the Solana Status Twitter account on Aug. 3, the Solana Foundation pointed the finger at Slope stating that “it appears affected addresses were at one point created, imported, or used in Slope mobile wallet applications.”

After an investigation by developers, ecosystem teams, and security auditors, it appears affected addresses were at one point created, imported, or used in Slope mobile wallet applications. 1/2

Solana co-founder Anatoly Yakovenko also linked Slope wallets to the hack in his own personal Twitter account. He advised users to regenerate a seed phrase from a service other than Slope as soon as they can. He also told an affected user to “Start practicing the cold/hot wallet separation.”

Attacker is lazy at driving all the paths. A bunch of phantom users only saw their slope addresses get drained. I would advise anyone that touched slope to regenerate their seed phrase in a different wallet asap.

The Solana-based wallet exploits first surfaced on Aug. 2, after the community began reporting that their crypto wallets were being drained of their Solana (SOL) and other tokens. It is estimated that roughly $8 million in crypto was stolen from nearly 8,000 wallets.

Through its investigation, the Solana Foundation determined that the private keys for each of the wallets compromised in the exploit were “inadvertently transmitted to an application monitoring service” such as Slope.

It added that there was no evidence to suggest the Solana