Slope Wallet Hack
Incident Overview
Solana was subjected to a major exploit due to which approximately 8k Slope wallets were robbed in the amount of ~ $5.2M.
Slope is a web-based, non-custodial crypto wallet and browser extension that allows users to manage assets on the Solana blockchain.
Wallets on the Solana chain were compromised by a hacker who managed to gain access to users' private keys, thanks to which the hacker managed to withdraw funds to his address.
The hacker used a proxy to track network requests. Slope Wallet developers used Sentry to transfer data to the network. By default, Sentry does not use 2FA from which it can be concluded that most likely the Sentry Slope account was compromised, and since the data storage period in Sentry is 90 days, and it is possible to track the data of users who created their accounts in this period of time, the hacker gained access to the clean data of users' wallets such as mnemonic and private key. The vulnerability was also noticed in mobile devices based on android and iOS, most likely the application was written using the Flutter framework, which contains a bug, so the hacker also had access to private user data.
Hacker account address:
(SOL) 1) https://solscan.io/account/GeEccGJ9BE…BDbmuy
(SOL) 2) https://solscan.io/account/5WwBYgQG6B…wh1J3n
(SOL) 3) https://solscan.io/account/CEzN7mqP9x…hb3iEu
(SOL) 4) https://solscan.io/account/Htp9MGP8Ti…Sg4wxV
Address that received 0.5 $SOL from the Binance Hot Wallet on Solana: https://solscan.io/account/HYaQcKPcWg…37xYXv#solTransfers
(ETH) https://etherscan.io/address/0xc611952D81E4ECbd17c8f963123DeC5D7BCe1c27
Incident Report
Protocol Information
Market Context at Time of Hack
What the Attacker Needed to Succeed
Understanding the prerequisites for this type of attack helps auditors identify protocols that are most at risk and helps developers build better defenses.
What Auditors Should Check
If you're auditing a protocol with similar architecture to Slope Wallet, these are the critical security checks that could have prevented this incident (August 2022).
- Verify all logic paths related to Private Key Compromised (Stored Publicly) / Other are guarded by proper access controls and input validation - see the Access Control Attacks attack class for patterns
- Review privileged functions (owner, admin, governance) for potential abuse vectors - centralization risks should be documented and bounded with timelocks or multi-sigs
Master these auditing techniques with hands-on labs and real exploit scenarios in the Smart Contract Hacking course.
Free TrialRelated Attack Classes
The technique used in this hack maps to these vulnerability classes in our security curriculum:
Sources & References
- 01
- 02
- 03
- 04
- 05
Learn to Prevent the Next Slope Wallet
The Slope Wallet hack is one of many attacks that skilled auditors are trained to detect before deployment. Master real exploit patterns and defense techniques with hands-on Web3 security training.