Solana was the victim of a $6 million heist that cleared out over 8,000 wallets in the early hours of 3 August. The exploit happened the day after the cross-chain bridge, Nomad, was lost to another hack to the tune of $190 million.
However, there has been an update to the Solana hack after some investigation. According to Solana blockchain developers, the exploit resulted from the negligence of the web3 wallet provider, Slope wallet.
<p lang=«en» dir=«ltr» xml:lang=«en»>After an investigation by developers, ecosystem teams, and security auditors, it appears affected addresses were at one point created, imported, or used in Slope mobile wallet applications. 1/2— Solana Status (@SolanaStatus) August 3, 2022
According to the statement, Solana’s ecosystem was not to be blamed for the loss. Solana foundation explicitly pointed at Slope because most of the affected wallets were linked to it.
In its response, the Slope team also admitted that it had a lot of wallets drained due to the hack. Similarly, Phantom wallet confirmed Solana’s findings, which had some of its users touched by the hack.
Based on the findings, Solana Foundation noted that Slope wallets may have hosted users’ private keys on centralized servers. Additionally, reports from other corners mentioned that the hackers could have gained access to users’ wallets.
In another related development, Solana CEO, Anatoly Yakovenko had earlier linked the exploit to a supply chain issue. However, its communications lead, Austin Fedora, revealed that it was not the case in a follow-up update.
In his tweet, Fedro said,
“It seemed to impact desktop wallets, mobile wallets, wallets of active degens, and wallets that had only ever received one transaction. If this was a supply
Read more on ambcrypto.com