Solana and Slope Wallet Users Suspected Exploitation

  • Phantom wallet users complain that money is being used up without their consent
  • Several commentators point to an exploit involving the wallet or NFT marketplace Magic Eden

Users of the Solana Phantom and Slope digital wallets claim that millions were stolen by an unknown exploit linked to the wallets or associated trusted apps.

According to multiple users and market participants, the operation on the Solana network or through native wallets costs users money, despite being disconnected from web browsers or having made wire transfers. Exact details of the exploit are not yet known.

“We are working closely with other teams to get to the bottom of a reported vulnerability in the Solana ecosystem,” the Phantom team told Blockworks. “At this point, the team does not believe this is a Phantom-specific problem.” The exact amount stolen from users’ wallets is not yet known.

Users said they are receiving notifications that they are sending tokens to an unknown set of addresses. The total amount drained so far is suspected of totaling more than $6 million in SOL from more than 7,760 portfolios. Blockworks could not directly independently verify the total amount withdrawn.

Web-based cryptocurrency wallet users slope also report incidents of an exploit. The attacker would get away with both SOL and Solana Program Library (SPL) tokens.

One user, who uses @Paladin on Twitter, told Blockworks that several people familiar with the situation had their wallets “randomly empty.”

“They lost thousands and most of their money, so they’re pretty depressed,” they said. “Move coins to a ledger and disconnect any trusted website.”

Paladin pointed to two major wallet addresses believed to be owned by the exploiter with a combined balance of approximately SOL 37,777 (US$1.5 million). A third wallet, with about 2,402 SOL ($95,000) continues to see money flowing to its address as a result of the exploit, Paladin said.

The exploit appears to affect all Solana-based tokens with recommendations for moving coins to a ledger, withdrawing trusted apps like NFT marketplace Magic Eden, or locking them down via staking.

Hacks and exploits related to DeFi and NFTs continue to increase. Last month, Blockworks reported that hacks totaled more than $1.2 billion in the first quarter of this year alone, which appears to be an increase in frequency for the nascent industry.

Ongoing hacks “is essentially an unsolvable problem,” Immunefi CEO Mitchell Amador told Blockworks in an interview at the time. “We knew it was going this way. The volatility is part of crypto, the amount of money flowing in would increase.”

Update: Changes header and copy to reflect Slope Wallet users who are also affected by the exploit. Updates response from Phantom’s team.

Get the best crypto news and insights of the day delivered to your inbox every night. Subscribe to Blockworks’ free newsletter now.

  • Sebastian Sinclair


    Senior Reporter, Asia News Desk

    Sebastian Sinclair is a senior news reporter for Blockworks operating in Southeast Asia. He has experience with the crypto market and with certain developments affecting the industry, including regulations, corporations and mergers and acquisitions. He currently has no cryptocurrencies. Contact Sebastian by email at: [email protected]

Leave a Comment