Exploring ‘Slope’ factor in Solana exploit with Nomad update
Solana was the victim of a $6 million heist that cleared out over 8,000 wallets in the early hours of 3 August. The exploit happened the day after the cross-chain bridge Nomad lost $190 million in another hack.
However, there has been an update on the Solana hack following some investigation. According to Solana blockchain developers, the exploit resulted from the negligence of the web3 wallet provider Slope.
After an investigation by developers, ecosystem teams, and security auditors, it appears affected addresses were at one point created, imported, or used in Slope mobile wallet applications. 1/2
— Solana Status (@SolanaStatus) August 3, 2022
Why the “Slope-ry area”
According to the statement, Solana’s ecosystem was not to be blamed for the loss. The Solana Foundation explicitly pointed at Slope because most of the affected wallets were linked to it.
In its response, the Slope team also admitted that many of its wallets had been drained in the hack. Similarly, Phantom wallet, which had some of its users touched by the hack, confirmed Solana’s findings.
Based on the findings, the Solana Foundation noted that Slope wallets may have hosted users’ private keys on centralized servers. Additionally, reports from other corners mentioned that the hackers could have gained access to users’ wallets.
Hot wallets only
In another related development, Solana CEO Anatoly Yakovenko had earlier linked the exploit to a supply chain issue. However, Solana’s communications lead, Austin Federa, revealed in a follow-up update that this was not the case.
In his tweet, Federa said,
“It seemed to impact desktop wallets, mobile wallets, wallets of active degens, and wallets that had only ever received one transaction. If this was a supply chain attack hitting all these users, that would have been very scary for all of web3”
Furthermore, he suggested that users who still had assets in their Slope wallet could move them to a secure hardware wallet.
At press time, Solana confirmed that investigations were still ongoing to find the perpetrators.
But what’s up with Nomad?
As for the Nomad exploit, there has been some progress. Earlier, the hackers returned around $9 million to the bridge.
#PeckShieldAlert PeckShield has detected ～$9m has returned into @nomadxyz_ Funds Recovery Address, including 100 $ETH (~$164k) from address with ENS name bitliq.eth, ~3.78m $USDC, ~2m $USDT, ~15.8m $CQT (~$1.38m), ~1.2m $FRAX (~$1.2m), 200 $WETH (~328k), ~150k $DAI and etc. pic.twitter.com/Bpyjt7jnek
— PeckShieldAlert (@PeckShieldAlert) August 3, 2022
Then they followed it up with another $3.8 million in USDC, ETH, and USDT, especially after Nomad publicly pleaded for a return. However, it seems that the Nomad hackers may not send back all of the exploited funds.
According to the blockchain security firm, PeckShield, the hackers have been laundering some of it by sending it from wallet to wallet.
.@RariCapital exploiters transferred ~2 $ETH to 0x72ccbb and 0x76f455 (1 $ETH/address) which was used to pay for gas fees on transactions associated with @nomadxyz_ exploit, @RariCapital (Arbitrum) exploiters gained ~$3m, 0x72ccbb and 0x76f45555 gained ~$2m in the exploit. pic.twitter.com/aOpeACWHq4
— PeckShieldAlert (@PeckShieldAlert) August 4, 2022