It should be noted that about 8 thousand wallet holders faced the loss of funds, who in total lost approximately the equivalent of $4.46 million. Naturally, this is an extremely unpleasant situation, and no one deserves such a loss.

That said, it is worth noting that on the scale of the entire blockchain, the hack was relatively small. Yet, the market capitalisation of Solana, i.e. the product of all SOL coins multiplied by their number, is today the equivalent of 13.47 billion dollars.

The market capitalisation of Solana (SOL)

To illustrate, hacks of so-called crosschain bridges, i.e. platforms that allow to move tokens and NFTs between different networks, have “brought in” the equivalent of $2 billion for hackers over 13 hacks in 2022 alone.

Financial loss due to blockchain bridge hacks

Be that as it may, the hack has taken place, and the reasons for it need to be sorted out.

How Solana network users lost money

First of all, it should be noted that Solana network was not the cause of the incident, i.e. it was not hacked. The developers of the already mentioned Slope wallet were to blame, as reported on the official Solana Status Twitter. Here’s a quote from the project’s representatives, which was announced tonight.

After an investigation by developers, ecosystem teams and security auditors, it can be concluded that the affected addresses were somehow created, imported or used in the Slope mobile wallet.


Consequently, it was Slope that was the problem. As it became clear later, the affected Phantom and TrustWallet wallets had nothing to do with the cause of the hack.

Phantom mobile wallet for Android

Details of what was going on were shared by a developer under the pseudonym foobar as the investigation progressed. Here’s his rejoinder from Twitter.

Regarding the Solana hack: it seems that the Slope wallet was sending sid-phrases in plain text to third-party integration partners. Phantom wallets were victimised because of the sid import used by Slope. ETH wallets were compromised because of the reuse of the sid-phrase. This is not a blockchain problem or an accident.

A little later, the developer clarified the details of what was happening.

Correction: the Slope wallet didn’t send sid-phrases to external partners, but could register them on its own centralised servers. I apologise for getting a little ahead of myself, but the breakdown is ongoing. Wait for an announcement from the team for full confirmation.


This means that the Slope wallet was sending users' sid-phrases to its own server, and doing so in an unencrypted form. That's right: we're talking about a secret combination that gives access to the contents of the cryptocurrency address and allows you to dispose of it. For some reason, the developers decided that these combinations of words should be duplicated on their server, which does not correspond to decentralization norms at all. And logic in general.

The problem because of Slope was confirmed by the developers of Phantom wallet, whose users became the most massive victim of hackers. Here’s their tweet.

The Phantom team has reason to believe that the breach found is due to complications in the background of importing accounts from Slope. We are still working on finding other likely vulnerabilities that made this bug possible.


So why did Phantom users lose money? Apparently, they at some point created the mentioned sido phrase with Slope, then imported - or entered it - into the Phantom wallet. And since this combination was already lying open on the server, the hackers could essentially get to the coins that were "lying" inside Phantom as well. Although, in fact, it's all down to the theft of the sido phrase here, rather than interaction with Phantom.

Confirmation of this theory was shared by a Twitter user under the pseudonym MoonRank. He published data sent by Slope wallet to the server. And here the user’s sid-phrase is indeed noticeable – we underlined it for convenience in the following screenshot.

Sid-phrase in unencrypted form

Alas, developers’ inattention or negligence cost some users dearly. For example, here’s a tweet by a user nicknamed Degen Asocial Toxic Club who claims to have lost all his money. We are talking about 2968 USDC and 235 SOL, which is equivalent to 9101 USD at today’s exchange rate.

Another user under the nickname brudi reported the loss of 53 SOL.


If you use a Slope wallet, withdraw cryptocurrency from it immediately. This also applies to Phantom and other wallets that may have imported sido created with Slope. Ideally, transfer the coins to Ledger-type hardware wallets, as they were not affected by the attack. If there is no hardware wallet for some reason, it is worth sending the money to a centralised exchange.

Some members of the cryptocurrency community have responded to the situation with memes. In particular, here is a video from joma that supposedly shows the reaction of some crypto investors to the news of the hack. Alas, many people have lost much larger sums.


Although the final version of what happened has not been announced yet, the fault of Slope's developers seems obvious enough. Still, as other developers made sure, sid-phrases, which every cryptocurrency user should keep out of reach of others, somehow ended up on the server, and in unprotected form. Whether the project team has enough resources to at least partially compensate is unknown, and the same goes for the willingness to help the victims of the hack in general.

I'd like to believe there won't be any more developer initiatives like this. Still, something like this undermines trust in developers and new blockchain solutions - and it certainly doesn't do anyone any good.

What do you think of the situation? Share your opinion in our Millionaire Crypto Chat. We’ll discuss other topics there as well.