Ethical Hackers Fought Against Slope Exploiters in Recent Solana Attack
The latest update on the ongoing investigation.
The dust is beginning to settle on the chaos that unfolded on Tuesday, August 2, when users of several wallet platforms had their SOL and USDC drained. The total stolen is now estimated at approximately $4.8 million, according to data from SolScan.
During the multi-day attack, white hat hackers, otherwise known as "ethical hackers," did what they could to restore order and protect user funds. In an update yesterday, August 3, Solana said that the root cause appears to be compromised private keys "created, imported, or used in Slope mobile wallet applications."
After an investigation by developers, ecosystem teams, and security auditors, it appears affected addresses were at one point created, imported, or used in Slope mobile wallet applications. 1/2
— Solana Status (@SolanaStatus) August 3, 2022
Although the incident was initially blamed on the Phantom wallet, the underlying issue was in Slope, a hot (internet-connected) mobile wallet application. Additional data shared by SolScan indicates that over 10,000 individuals were affected.
In an attempt to hinder the attacker, a pseudonymous developer, SolBlaze, suggested using what is called a write lock. Solana will not execute two transactions in parallel if both write to the same account, so a script that continually submits transactions changing the balance of an attacker-controlled address (a transfer to it is enough) forces the attacker's own transactions to queue behind those writes, slowing the rate at which stolen funds can be moved on.
A number of white hat hackers then stepped forward and deployed the developer's proposed script. While the flood of transactions did slow the attacker down, it also temporarily knocked several of Solana's public RPC endpoints (the servers that wallets and applications use to talk to the network) offline, since every one of those transactions had to be submitted through them.
Many RPC servers have gone offline due to white-hat hackers purposefully DDOSing them to slow down the hacker. Currently, it seems like the main Solana RPC server run by Triton as well as QuickNode and Ankr have gone offline.
— SolBlaze.org | Stake with us! (@solblaze_org) August 3, 2022
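To make the write-lock tactic concrete, the following Python model is added here; it is not code from the article, from SolBlaze, or from Solana Labs. It models only the single runtime rule the tactic relies on: transactions that take a write lock on the same account cannot execute in the same batch and are deferred to a later one. The account names, the batch scheduler, and the transaction counts are constructed for illustration; real validators also weigh priority fees and have scheduling details this model omits.

```python
from dataclasses import dataclass
from typing import Iterable

# Added example: a deliberately simplified model of Solana's per-account
# write-lock rule. Not the real runtime; account names and counts are made up.


@dataclass(frozen=True)
class Tx:
    sender: str
    writes: frozenset  # accounts this transaction write-locks


def schedule(txs: Iterable[Tx]) -> list:
    """Group transactions into execution batches in arrival order.

    Within a batch every writable account may be locked by only one
    transaction; a transaction whose locks collide with one already in
    the batch is deferred to the next batch (the behaviour the write-lock
    tactic exploits).
    """
    pending = list(txs)
    batches = []
    while pending:
        locked, batch, deferred = set(), [], []
        for tx in pending:
            if tx.writes & locked:
                deferred.append(tx)  # conflict: wait for a later batch
            else:
                locked |= tx.writes
                batch.append(tx)
        batches.append(batch)
        pending = deferred
    return batches


ATTACKER = "attacker_wallet"  # hypothetical attacker-controlled address


def drain_txs(n_victims: int) -> list:
    """Attacker sweeps n victim wallets into one destination; every sweep
    must write both the victim account and the attacker's destination."""
    return [Tx("attacker", frozenset({f"victim_{i}", ATTACKER}))
            for i in range(n_victims)]


def writelock_spam(n: int) -> list:
    """White-hat transactions that only touch the attacker's destination
    (e.g. a dust transfer to it), each taking a write lock on it."""
    return [Tx("whitehat", frozenset({ATTACKER})) for _ in range(n)]


def attacker_finish_batch(n_victims: int, n_spam: int) -> int:
    """Index of the batch in which the attacker's last sweep executes when
    n_spam write-lock transactions arrive just ahead of the sweeps."""
    batches = schedule(writelock_spam(n_spam) + drain_txs(n_victims))
    return max(i for i, batch in enumerate(batches)
               for tx in batch if tx.sender == "attacker")


def parallel_demo() -> int:
    """Sanity check of the model: sweeps of unrelated accounts into
    different destinations share no locks and fit in a single batch."""
    txs = [Tx("a", frozenset({"x1", "d1"})), Tx("b", frozenset({"x2", "d2"}))]
    return len(schedule(txs))


if __name__ == "__main__":
    print("batch of last sweep, no spam:", attacker_finish_batch(3, 0))   # 2
    print("batch of last sweep, 8 spam:", attacker_finish_batch(3, 8))    # 10
```

With no interference the three sweeps already serialize on the attacker's destination (batches 0, 1, 2); eight competing write-lock transactions that arrive first push the last sweep out to batch 10. The model also shows the cost of the tactic: every one of those spam transactions is a real submission that an RPC node has to accept and forward, which is why the outage in the tweet above followed.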
Solana co-founder Anatoly Yakovenko said that iOS devices appeared to be affected and that "Android seems to be affected as well. All the confirmed stories so far have had the key imported or generated on mobile. Most of the reports are slope, but a few phantom users as well."
The most recent update from Solana is that the investigation is ongoing but that there is no evidence the Solana protocol or its cryptography was compromised; in other words, the problem was isolated to a hot-wallet exploit rather than to the chain itself.
Slope has since issued a statement recommending that users create new hot wallets with a freshly generated seed phrase and transfer their funds there while it conducts an internal investigation. Because the private keys themselves are what leaked, reinstalling the app or changing a password does nothing; only funds moved to a key that was never created, imported, or used in Slope are out of the attacker's reach.