Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
A large-scale coin theft event occurred on the Solana public chain, and a large number of users were transferred SOL and SPL tokens without their knowledge. The SlowMist security team analyzed the Slope wallet application at the invitation of the Slope team. The analysis showed that the version of the Slope wallet released on or after June 24, 2022 has the phenomenon of sending private keys or mnemonic words to third-party application monitoring services. However, from the investigation of the Slope wallet application, there is no temporary way to clearly prove that the root cause of the incident is the problem of the Slope wallet. Attack method (per SlowMist): Unknown. Reported loss: $ 4,000,000.
- chain
- solana
- protocol
- Slope Finance
- bug_class
- private-key
- date_occurred
- 2022-08-03
- loss_usd
- $4,000,000
- source_id
- sm:slope-finance::2022-08-03