-Solana Co-founder Anatoly Yakovenko
Attacker is lazy at driving all the paths. A bunch of phantom users only saw their slope addresses get drained. I would advise anyone that touched slope to regenerate their seed phrase in a different wallet asap.
-Solana's head of communications Austin Fedora
We spun up a Typeform to collect data and the results were clear – of those drained ~60% were Phantom users and 40% Slope users. But after extensive interviews and requests to the community, we couldn't find a single Phantom-forever user who had their wallet drained There's a lot more to go into about the actual vulnerability, but work is still ongoing at this point. https://t.co/pXeWbanveB There's far too many people to tag, but something all of CT should know is, in a moment potentially catastrophic crisis people who sometimes snipe on Twitter rolled up their sleeves and got to work. The investigations are ongoing, and I can't stress enough the importance of creating a new seed phrase in a non-slope wallet, and moving any assets you have in a Slope hot wallet over. Then go buy a hardware wallet. And what about the ETH users drained? Turns out, they'd been using their Solana BIP39 phrase in Ethereum, too! So the hacker inadvertently was able to access assets stored on ETH. From the outside, it was indistinguishable from a supply chain attack.
reply
-Phantom Team @phantom
1/ Phantom has reason to believe that the reported exploits are due to complications related to importing accounts to and from @slope_finance. We are still actively working to identify whether there may have been other vulnerabilities that contributed to this incident.
2/ In the meantime, if any Phantom users have also installed other wallets, we recommend you try to to move your assets to a new non-Slope wallet with a fresh seed phrase.
reply