CoinShots Logo
Solana Wallet Provider Phantom Says Its Systems Were Uncompromised In $4M Hack
Phantom said security auditors did not find any vulnerabilities in its systems in relation to the wallet exploit. It was initially believed that Solana wallet libraries linked to Phantom, Slope, Sollet and Solflare may have suffered a “supply chain attack” on the iOS mobile platform.
Ankita K.
12:37 10th Aug, 2022
Frauds

Web3 wallet firm Phantom clarified late on Tuesday that its systems were not compromised prior to a wallet exploit, in which hackers have so far drained $4.08 million from 9,230 wallets.

On Tuesday, Phantom said, after nearly a week-long investigation, security auditors have not uncovered any vulnerabilities that could potentially tie it to the exploit.

“After almost a week of investigation, our team has not found any evidence that Phantom's systems were compromised during the August 2nd security incident,” the wallet provider said in a tweet.

Initially, it was believed that Solana wallet libraries linked to Phantom, Slope, Sollet and Solflare may have suffered a “supply chain attack” on the iOS mobile platform.

Later on, Solana developers traced the entire incident back solely to the Slope wallet application. The Solana team claimed all hacked addresses were at one point created, imported, or used in the Slope application.

This finding was also confirmed independently by security firm Otter, which reported that seed phrases generated by Slope wallet were being mistakenly sent to its server and saved in plain readable text. The low security standard likely led to the breach, giving hackers the ability to acquire the seed phrases and drain funds.

In a statement, Phantom has pointed to a non-Phantom source responsible for some of its affected users. “While some Phantom users were affected, in each case we have reviewed, we found that they had imported their seed phrases/private keys to or from a non-Phantom wallet,” it said.

On August 4, Slope made a statement that it didn’t have a firm answer to the cause of the breach. In its most recent update on Monday, Slope said it is finishing its investigation, working with blockchain intelligence firm TRM Labs as well as law enforcement agencies.

Source



CoinShots Logo

Social

Get in touch:

© 2022 Coinshots (AtlasZero LLC). All rights reserved.