Solana[1] was the victim of a $6 million heist that cleared [2]out over 8,000 wallets in the early hours of 3 August. The exploit happened the day after the cross-chain bridge, Nomad, was lost[3] to another hack to the tune of $190 million.
However, there has been an update to the Solana hack after some investigation. According to Solana blockchain developers, the exploit resulted from the negligence of the web3 wallet provider, Slope wallet.
Why the “Slope-ry area”
According to the statement, Solana’s ecosystem was not to be blamed for the loss. Solana foundation explicitly pointed at Slope because most of the affected wallets were linked to it. In its response, the Slope team also admitted [4]that it had a lot of wallets drained due to the hack. Similarly, Phantom wallet confirmed[5] Solana’s findings, which had some of its users touched by the hack. Based on the findings, Solana Foundation noted that Slope wallets may have hosted users’ private keys on centralized servers. Additionally, reports[6] from other corners mentioned that the hackers could have gained access to users’ wallets.
Hot wallets only
In another related development, Solana CEO, Anatoly Yakovenko had earlier linked[7] the exploit to a supply chain issue. However, its communications lead, Austin Fedora, revealed[8] that it was not the case in a follow-up update. In his tweet, Fedro said, “It seemed to impact desktop wallets, mobile wallets, wallets of active degens, and wallets that had only ever received one transaction. If this was a supply chain attack hitting all these users, that would have been very scary for all of web3”Furthermore, he suggested that users who still had assets in their
