Solana wallet provider Phantom $4 million attackHe said he didn’t give up.
phantom stated that security checkers could not find any vulnerability in the system against any wallet attack. First of all, Phantom, Slope, Sollet and SolflareIt was believed that the iOS-based app of Solana digital wallets linked to the coin may have been subject to a “chain attack”.
Web3 wallet provider Phantom has announced that its systems were not compromised before hackers stole $4.08 million in an attack on 9,203 wallets so far. The Phantom also revealed that in its nearly a week-long investigation by security auditors, it did not find a vulnerability in their system.
Phantom said in a tweet:
After nearly a week of searching for the incident on August 2, our team found no evidence of any breach of the Phantom’s systems.
1/ After almost a week of investigation, our team has not found any evidence that Phantom's systems were compromised during the August 2nd security incident.
Work is still ongoing, but given the seriousness of the situation, we want to give an update on what we have done so far.
— Phantom (@phantom) August 9, 2022
Slope failed in this attack!
Then the Solana developers only traced the event back to the Slope wallet app. The Solana team found that hacked wallets were only created at one point, imported or used in the Slope app. This finding was confirmed by independent security firm Otter. Otter said in a statement that a set of passwords called “seed phrases” to protect wallets against theft were “accidentally” sent to the server in a clearly readable form. This vulnerability paved the way for hackers to access users’ wallets and steal the assets inside.
In the statement, Phantom additionally said that the hack occurred on wallets that Phantom had no obligation to.
Phantom said:
While some Phantom users were affected by this incident, we found at every address we reviewed that they had imported or imported their security key into a non-Phantom wallet.
Slope said the company had no response to the incident. Slope also said that their research on the subject is about to end, and that they are working with the blockchain intelligence firm TRM and law enforcement on this issue.
