Solana Wallet Hack Explained

Andre Costa
Published in Web3 Magazine
Aug 10, 2022 · 3 min read

The Solana crypto community was rocked earlier this week by what at first appeared to be an unsolvable hack that stole about $4.5 million in SOL from the wallets of thousands of users. According to an initial estimate by the MistTrack team, 8,000 wallets were affected, and the money from those wallets was being transferred to four addresses belonging to the alleged perpetrators. Other estimates put the number of affected Solana wallets at 15,200.

The MistTrack team also calculated that the total losses could have reached $580 million if the calculations took into account the value of a mysterious token called EXIST that was also taken by the hacker.

Early in the exploit, the PeckShield team identified a supply chain problem affecting some Solana wallets as the most likely culprit, naming TrustWallet and Slope Wallet as potential victims. Their analysis concluded that the attacker had discovered or stolen the private keys belonging to users of particular Solana wallets.

@0xfoobar, a member of the crypto and DeFi communities, also attributed the issue to a supply chain problem that exposed private keys. He found that users of the Phantom and Slope wallets who had not used them in over six months were affected by the hack. He advised Solana owners to move their money to a hardware wallet or a crypto exchange wallet, since those wallets did not appear to be affected.

Through their respective CEOs, Binance, OKX, and KuCoin cryptocurrency exchanges also advised Solana holders to move their SOL to the three platforms for security while the issue’s root cause was being looked into.

Engineers from Solana investigated the problem as well. They came to the conclusion that the issue wasn’t a flaw in the Solana core code, but rather a flaw in the software utilized by well-known third-party SOL wallets. They advised Solana owners to move their SOL to hardware wallets because those devices didn’t appear to be impacted by the bug.

What Went Wrong?

Numerous answers started to emerge as the investigation into the problem’s root cause intensified. First, the OtterSec team independently verified that users of Slope Wallet were affected. According to their investigation, Slope’s mobile app transmitted users’ private-key mnemonics over TLS to Slope’s centralized Sentry server, where they were then stored in plain text, making users’ private keys accessible to anyone with access to that Sentry server.

Second, Solana engineers discovered that Slope Wallet users’ funds were compromised because private key information had somehow been transferred to an application monitoring service. Third, the wallet’s developer, Slope Finance, explained in a Twitter statement that they had eliminated the server-side logging that might have allowed access to their Sentry server. They concluded that 1,444 of the 9,233 wallets affected by this weakness could be identified.
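The failure described above is key material reaching an error-reporting service at all. One client-side mitigation, as an added example that is not Slope’s or Sentry’s code: a scrubber in the shape of Sentry’s `beforeSend` hook that redacts seed phrases and secret keys before any report leaves the device. The sample event, the sensitive-key list and both detection heuristics are assumptions made for this example.

```javascript
// Added example, not Slope's or Sentry's code: redact seed phrases and key
// material from an error-report payload before it is sent. The key list,
// the heuristics and the sample event below are assumptions for the example.
const SENSITIVE_KEYS = /mnemonic|seed|secret|private[_-]?key|keypair|password/i;
const MNEMONIC_LENGTHS = new Set([12, 15, 18, 21, 24]);
const REDACTED = "[REDACTED]";

// Heuristic: a BIP39-style phrase is 12-24 lowercase words of 3-8 letters.
// A production scrubber would also check each word against the BIP39 wordlist.
function looksLikeMnemonic(value) {
  if (typeof value !== "string") return false;
  const words = value.trim().split(/\s+/);
  return MNEMONIC_LENGTHS.has(words.length) && words.every((w) => /^[a-z]{3,8}$/.test(w));
}

// Heuristic: a base58-encoded 64-byte Solana secret key is 87-88 characters long.
function looksLikeSecretKey(value) {
  return typeof value === "string" && /^[1-9A-HJ-NP-Za-km-z]{87,88}$/.test(value);
}

// Walk the event recursively; redact by key name or by value shape.
// Returns a new object so the caller's original event is left untouched.
function scrub(node, depth = 0) {
  if (depth > 20) return REDACTED; // guard against pathological nesting
  if (Array.isArray(node)) return node.map((v) => scrub(v, depth + 1));
  if (node && typeof node === "object") {
    const out = {};
    for (const [key, value] of Object.entries(node)) {
      out[key] = SENSITIVE_KEYS.test(key) ? REDACTED : scrub(value, depth + 1);
    }
    return out;
  }
  return looksLikeMnemonic(node) || looksLikeSecretKey(node) ? REDACTED : node;
}

// Drop-in for Sentry's beforeSend option: Sentry.init({ beforeSend: scrubSensitiveData })
function scrubSensitiveData(event) {
  return scrub(event);
}

// Constructed sample event resembling what a wallet app might log by mistake.
const SAMPLE_EVENT = {
  message: "wallet import failed",
  extra: {
    mnemonic: "abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon about",
    userInput: "legal winner thank year wave sausage worth useful legal winner thank yellow",
    exportedKey: "1".repeat(88), // constructed stand-in for a base58 secret key
    network: "mainnet-beta",
  },
  breadcrumbs: [{ message: "import started", data: { attempt: 1 } }],
};
```

The `mnemonic` field is caught by key name, `userInput` and `exportedKey` by value shape, while ordinary fields such as `network` and the breadcrumb data pass through unchanged.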

What Was At Stake?

The exploit, though, might not have been exclusive to wallets built on the Solana platform. Adam Cochran, a partner at Cinneamhain Ventures, asserts that users of the Trust Wallet who had assets based on Ethereum might also have been impacted. However, given that MetaMask is the preferred wallet for the majority of Ethereum users, their numbers were noticeably low.

In order to help with the investigations, he urged any Ethereum user who may have lost money as a result of the hack to get in touch with him right away.

Some Solana White-hat Hackers Fought Back

They deployed a script that tried to ‘write-lock’ the attacker’s accounts, slowing their transactions down. The method did slow the attacker, but it resulted in several Solana RPC servers crashing.

According to the Slope wallet team, they are “still actively diagnosing” the problem and “committed to publishing a full post-mortem, earning back your trust, and making this as right as we can.” The Solana team also stated that “engineers from across several ecosystems, in collaboration with audit and security firms, continue to investigate the root cause of an incident that resulted in the draining of approximately 8,000 wallets.”

Slope advises its users to transfer funds to a fresh wallet created with a new seed phrase. Hardware wallets, which have not been affected by the hack, are also recommended for keeping assets secure in case the exploit persists.
