Blockchain auditing firms are still trying to figure out how hackers gained access to about 8,000 private keys used to drain Solana-based wallets.
Investigations are ongoing after attackers managed to steal some $5 million worth of SOL and SPL tokens on Aug. 3. Ecosystem participants and security firms are assisting in uncovering the intricacies of the event.
Solana has worked closely with Phantom and Slope.Finance, the two SOL wallet providers that had user accounts affected by the exploits. It has since emerged that some of the private keys that were compromised were directly tied to Slope.
Blockchain audit and security firms Otter Security and SlowMist assisted in ongoing investigations and unpacked their findings in direct correspondence with Cointelegraph.
Otter Security founder Robert Chen shared insights from first-hand access to affected resources in collaboration with Solana and Slope. Chen confirmed that a subset of affected wallets had private keys which were present on Slope's Sentry logging servers in plaintext:
Chen also told Cointelegraph that some 5,300 further private keys, not involved in the exploit, were found in the same Sentry instance. Nearly half of the corresponding addresses still hold tokens; since any key that passed through that logging pipeline has to be treated as compromised, affected users are urged to move their funds if they have not already done so.
The SlowMist team came to a similar conclusion after being invited by Slope to analyze the exploit. It also noted that the Sentry service in Slope Wallet collected the user's mnemonic phrase and private key and sent them to o7e.slope.finance. SlowMist likewise could not find any evidence explaining how the credentials were subsequently stolen from that server.
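The failure mode described above is an error-reporting SDK shipping whatever state a developer attached to an event, seed phrase included. The following is an added example, not Slope's or Sentry's code: a scrubber in the shape of the Sentry JavaScript SDK's beforeSend hook that redacts wallet secrets by key name and by value pattern before an event leaves the device. The event layout, field names and the sample event are constructed for illustration.

```javascript
// Added example: a beforeSend-style hook that strips wallet secrets from error
// events. The event shape below mirrors the Sentry SDK's (message, extra,
// breadcrumbs, tags); field names and sample values are constructed, not Slope's.

// Key names whose values must never reach a logging backend, whatever they hold.
const SENSITIVE_KEY = /^(mnemonic|seed(_?phrase)?|secret(_?key)?|private(_?key)?|keypair|recovery(_?phrase)?)$/i;

// A 64-byte ed25519 secret key (Solana's keypair export) base58-encodes to 87-88 chars;
// a 32-byte public key encodes to 43-44 chars and is left alone.
const BASE58_SECRET = /^[1-9A-HJ-NP-Za-km-z]{86,90}$/;

// Exported keypairs are also often a JSON string of 64 bytes: "[12, 34, ...]".
const BYTE_ARRAY_SECRET = /^\s*\[\s*(?:\d{1,3}\s*,\s*){63}\d{1,3}\s*\]\s*$/;

// BIP-39 phrases are 12 to 24 lowercase words; this heuristic flags a whole string
// made of 12-24 lowercase words of 3-8 letters instead of checking the wordlist.
const MNEMONIC_LIKE = /^\s*(?:[a-z]{3,8}\s+){11,23}[a-z]{3,8}\s*$/;

const REDACTED = "[REDACTED]";

function looksLikeSecret(s) {
  return BASE58_SECRET.test(s) || BYTE_ARRAY_SECRET.test(s) || MNEMONIC_LIKE.test(s);
}

// Returns a deep copy of `value` with secrets replaced; `stats.redacted` counts
// replacements. `keyName` is the property name under which `value` was found.
function scrub(value, stats, keyName) {
  if (keyName !== undefined && SENSITIVE_KEY.test(keyName)) {
    stats.redacted += 1;
    return REDACTED;
  }
  if (typeof value === "string") {
    if (looksLikeSecret(value)) {
      stats.redacted += 1;
      return REDACTED;
    }
    return value;
  }
  if (Array.isArray(value)) {
    // A bare 64-element byte array is a keypair even without a telling key name.
    if (value.length === 64 && value.every((b) => Number.isInteger(b) && b >= 0 && b <= 255)) {
      stats.redacted += 1;
      return REDACTED;
    }
    return value.map((v) => scrub(v, stats));
  }
  if (value !== null && typeof value === "object") {
    const out = {};
    for (const [k, v] of Object.entries(value)) out[k] = scrub(v, stats, k);
    return out;
  }
  return value;
}

// Same signature as Sentry's beforeSend(event, hint) option: return the event to
// send (here a scrubbed copy, tagged with how much was removed) or null to drop it.
function beforeSend(event) {
  const stats = { redacted: 0 };
  const clean = scrub(event, stats);
  clean.tags = { ...(clean.tags || {}), secrets_redacted: String(stats.redacted) };
  return clean;
}

// Constructed sample event: a wallet-unlock failure where the developer attached the
// whole wallet state as "extra" context and a console breadcrumb captured the phrase.
const SAMPLE_EVENT = {
  message: "wallet unlock failed",
  extra: {
    walletState: {
      publicKey: "A1B2C3D4".repeat(5) + "A1B2",            // 44 base58 chars: not a secret, kept
      mnemonic: "abandon ability able about above absent absorb abstract absurd abuse access accident",
      secretKey: "A1B2C3D4".repeat(11),                     // 88 base58 chars: secret-key length
    },
    backup: Array.from({ length: 64 }, (_, i) => i),       // 64-byte array under an innocent name
  },
  breadcrumbs: [
    { category: "ui", message: "restore wallet" },
    { category: "console", message: "witch collapse practice feed shame open despair creek road again ice least" },
  ],
};

// Stand-alone run: wire it up with Sentry.init({ dsn, beforeSend }) in a real app.
console.log(JSON.stringify(beforeSend(SAMPLE_EVENT), null, 2));
```

The hook is a backstop, not the fix: wallet state should never be attached to telemetry in the first place, and the SDK's sendDefaultPii option should stay off. Value-pattern matching also errs toward over-redaction on purpose, because a lost breadcrumb costs far less than a logged seed phrase.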
Cointelegraph also reached out to Chainalysis, which confirmed that it was carrying out blockchain analysis on the