Solana and Slope Wallet users drained due to suspected exploit

Solana and Slope Wallet users drained due to suspected exploit
Written by boustamohamed31

  • Phantom wallet users complain about funds being drained without their consent
  • Several commenters point to an exploit related to the Magic Eden wallet or NFT market

Users of the Solana Phantom and Slope digital wallets claim millions have been stolen by an unknown exploit linked to the wallets or the associated trusted apps.

According to several users and market participants the exploit either on the Solana network or through proprietary wallets siphons users’ funds even though they are disconnected from web browsers or making any transfers. The exact details of the exploit are not yet known.

“We are working closely with other teams to get to the bottom of the reported vulnerability in the Solana ecosystem,” the Phantom team told Blockworks. “At this time, the team does not believe this is a Phantom-specific issue.” The exact amount stolen from users’ wallets is not yet known.

Users said they were receiving notifications that they were sending tokens to an unknown set of addresses. The total amount of funds siphoned so far is suspected to be more than $6 million in SOL from more than 7,760 wallets. Blockworks was not immediately able to independently verify the total amount taken.

Users of a web-based cryptocurrency wallet Slope also reported exploit incidents. The attacker is said to be getting away with both SOL and Solana Program Library (SPL) tokens.

One user, using @Paladin on Twitter, told Blockworks that several people familiar with the situation had their wallets “randomly drained.”

“They’ve lost thousands and most of their money, so they’re pretty depressed,” they said. “Move coins to a ledger and disconnect from any trusted website.”

Paladin pointed two big wallet addresses suspected to belong to the exploiter, who has a total balance of approximately SOL 37,777 (US$1.5 million). A third walletwith approximately 2,402 SOL ($95,000), continues to see funds drained to his address as a result of the exploit, Paladin said.

The exploit appears to affect all Solana-based tokens with recommendations to move coins to a ledger, cancel trusted applications such as the Magic Eden NFT market, or lock them by staking.

Hacks and exploits related to DeFi and NFTs continue to increase. Last month, Blockworks reported hacks totaling over 1.2 billion dollars just for the first quarter of this year in what appears to be an increase in frequency for the fledgling sector.

Continuous hacks “is a fundamentally intractable problem,” Immunefi CEO Mitchell Amador said in an interview with Blockworks at the time. “We knew things would go this way. Volatility is part of crypto, the amount of money flowing would have increased.”

Updated August 2, 2022, at 11:40 PM ET: Changes title and copy to reflect Slope Wallet users also affected by exploit. Updated response from the Phantom team.

Get the day’s most important crypto news and insights delivered to your inbox every night. Subscribe to the free Blockworks newsletter now.

  • Sebastian Sinclair


    Senior Reporter, Asia News Bureau

    Sebastian Sinclair is a senior news reporter for Blockworks operating in Southeast Asia. He has experience covering the crypto market as well as certain developments affecting the industry, including regulation, business and mergers and acquisitions. He currently does not own any cryptocurrencies. Contact Sebastian via email at [email protected]

About the author


Leave a Comment