Solana Status updated the public following the Solana hacker attack. They explained that the affected wallet addresses were associated with Slope mobile wallet application. The team further stressed that “there is no evidence the Solana protocol or its cryptography was compromised.”
Solana Status report: At One Point, affected addresses were created by Slope mobile Wallet applications
The Solana team was dealing with an attack on thousands of Solana wallets over the past 48 hours. Anatoly Yakovenko (Solana Labs CEO and co-founder) was at the scene. thoughtThe supply chain attack could have led to the vulnerability. He said that both Android and iOS wallets had been affected by the exploit. said: “most of the reports are Slope, but a few Phantom users as well.”
This will be the 3rd of August 2022. Solana StatusThe Twitter account stated that addresses infected by the hack had been tethered with Slope mobile wallet apps. “After an investigation by developers, ecosystem teams, and security auditors, it appears affected addresses were at one point created, imported, or used in Slope mobile wallet applications,” Solana Status wrote. “This exploit was isolated to one wallet on Solana, and hardware wallets used by Slope remain secure.” Solana Status said:
Although the exact details are not known, it is believed that private key information was accidentally transmitted to an application surveillance service. It is not known if the Solana protocol was or its cryptography were compromised.
Slope Finance issued an official statement from its wallet team, but details about the breach remain vague. Slope said “A cohort of Slope wallets were compromised in the breach, we have some hypotheses as to the nature of the breach, but nothing is yet firm, [and] we feel the community’s pain, and we were not immune. Many of our own staff and founders’ wallets were drained.” Slope also added that the team was actively conducting internal investigations and audits, while working with security and audit groups.
Security Experts Say Slope’s Seed Phrases Were Logged in Readable Plaintext
During the official statement, the Slope team further recommended that Slope wallet users “create a new and unique seed phrase wallet, and transfer all assets to this new wallet.” Slope added:
Your keys are safe if you use a physical wallet.
Dune Analytics data shows there was more addresses affected than originally reported. According to statistics, the bug caused damage to 9,223 different addresses. Additionally, $4.088,121 was taken in crypto. The majority of assets stolen were solana (SOL), and SOL-based USDC.
It is being said that Slope’s mnemonic seed phrases transferred to Slope’s server were logged in readable text. Slope’s wallet team is alleged to have stored the mnemonics using debug logging software through a Sentry server. Ottersec security experts detailed that “anybody with access to Sentry could access [a] user’s private keys.” Ottersec also noted that the Slope team was “very helpful in sharing data related to the hack.”
Let us know your thoughts on the Slope wallet issues and the exploit which affected Solana customers. We’d love to hear your opinions on the subject below.
Image creditShutterstock. Pixabay. Wiki Commons
DisclaimerThis information is provided for educational purposes only. It does not constitute an offer, solicitation, or recommendation of any company, products or services. Bitcoin.com is not a provider of investment, tax, legal or accounting advice. The author and the company are not responsible for any loss or damage caused or alleged caused by the content or use of any goods, services, or information mentioned in the article.