More than $8.5 million in crypto has been stolen by a “malicious actor” who compromised 8,000 wallets, allegedly by using a mobile wallet exploit.
The attack began earlier this month, with $8.5 million ($US5.8 million) in Solana cryptocurrency and NFTs obtained by the hackers from 7,947 wallets.
The Solana Foundation has confirmed that a “malicious actor” took the funds from accounts linked to the Solana cryptocurrency network.
More information about the hack has emerged in recent days.
It’s now believed the hack is the result of a Slope mobile wallet exploit.
Slope provides Android and iOS apps serving as wallets for individuals’ cryptocurrency assets, allowing them to send and receive coins, primarily aimed at the Solana network.
Solana developers have said they believe that the private key details for the impacted wallets were “inadvertently transferred” to a third party, leading to the breach.
“After an investigation by developers, ecosystem teams and security auditors, it appears affected addresses were at one point created, imported, or used in Slope mobile wallet applications,” Solana’s Twitter account said last week.
“This exploit was isolated to one wallet on Solana, and hardware wallets used by Slope remain secure. While the details of exactly how this occurred are still under investigation, but private key information was inadvertently transmitted to an application monitoring service.
“There is no evidence the Solana protocol or its cryptography was compromised.”
Slope has also released a statement about the breach, but the company did not take responsibility.
“We have some hypotheses as to the nature of the breach, but nothing is yet firm,” the company said in a statement.
“We feel the community’s pain, and we were not immune. Many of our own staff and founders’ wallets were drained. We are still actively diagnosing and are committed to publishing a full post-mortem, earning back your trust and making this as right as we can.”
Slope has since announced a 10 per cent bounty reward and that no legal action would be taken if the hackers opt to return the funds that were taken from the compromised wallets.
Slope has also recommended that users should create new wallets with new seed phases and move all of their assets there.
Solana head of communications Austin Federa confirmed that of the impacted wallets, 60 per cent were Phantom users and 40 per cent were Slope users, but none of the impacted users were Phantom-forever, meaning those impacted did not generate their seed phrase using Phantom.
In some solace for Aussies impacted by the breach, tax experts have said users who lost money from the breach may be able to claim it as a tax loss.
CryptoTaxCalculator CEO Shane Brunnette said that crypto lost via the hack could be listed as a tax loss by those impacted.
There have been numerous incidents in recent years that have seen individuals lose significant amounts of crypto.
In 2021, hackers took at least $99 million from Australians through a range of scams, including fake cryptocurrency wallets, stealing seed phrases or by remoting into their devices after offering to help the uninitiated buy some crypto.
Earlier this month, US authorities seized $715,000 in Bitcoin ransoms from North Korean ransomware actors in a rare and significant victory against the increasingly regular cryptocurrency-driven ransom attacks.
This crypto was stolen through a series of attacks against US healthcare providers, with the hackers using a new strain of malware called Maui in order to leverage funds from several hospitals and medical facilities.
Earlier this year, the FBI also blamed North Korea for a $757 million cryptocurrency heist, which saw the group stealing 174,000 ETH.
