Giant Solana hack: the origin of the general panic and the siphoning of 10,400 wallets confirmed

Back to the Solana hack: at the beginning of the month, thousands of Solana wallets were drained during a massive attack. The Slope wallet was quickly singled out as the source of the flaw. Let's go over the details of this attack together.

Solana hack: 10,400 compromised wallets

On August 3, the Solana ecosystem made headlines in the specialized media after being the target of a major hack.

In total, 10,400 wallets were drained during the attack, and almost $6 million in cryptocurrencies were stolen by the attacker.

Amount stolen during the hack on Solana.

In the hours following the hack on Solana, the developers in charge of the case struggled to find the cause of these massive thefts. Ultimately, several pieces of evidence began to point toward the Slope wallet.

The details of the fault that affected Solana

About ten days after this event, the teams of OtterSec, a company specializing in auditing and blockchain analysis, published a report reviewing the facts.

At the time of the case, it had become apparent that the problem came from one of the wallets in the ecosystem.

For its report, OtterSec analysed the two main wallets of the Solana ecosystem, namely Phantom and Slope.

Initially, OtterSec revealed that the Phantom wallet “did not present any evidence of vulnerabilities that could lead to the compromise of mnemonics”.

In a second step, the OtterSec teams looked at the Slope wallet. According to their research, it is indeed the latter that is at the origin of the flaw.

“We have confirmed that the Slope Wallet is vulnerable to leaking private keys and mnemonics in the logs that are sent to the log server.”

In practice, this flaw was present in the code of the wallet since version 2.2.0, released on June 24.


Keys stored on Slope’s servers

The Slope wallet uses the Sentry service to monitor its application. All monitored data is sent and stored on a Sentry log server, hosted by the Slope teams.

Unfortunately, an error in the code caused the wallet mnemonic to be systematically sent to the Sentry server.

When accessing data from this server, the OtterSec teams found numerous mnemonics stored in the Sentry server logs. The mnemonics found correspond to approximately 15% of the hacked addresses.

However, due to a problem in Slope’s infrastructure, the server only received data for 12% of the time the flaw was present. Therefore, OtterSec estimates that the number of mnemonics sent was “probably much larger than the number stored on the server”.

Therefore, it is likely that the attacker was able to access the rest of the siphoned wallets by accessing logs that were not stored on the Sentry server.

What is the identity of Solana’s attacker?

However, one point remains unresolved. In its report, OtterSec found “no evidence to suggest the log storage server was compromised”.

Consequently, the attacker would have succeeded in infiltrating the server without being detected and without the server presenting any obvious security flaw.

This suggests that it could be an insider case, with a possible mole at Slope or possibly at Sentry.

Hopefully, the research published by OtterSec will allow developers and investigators to shed light on this case and get their hands on the attacker.

More recently, another protocol has been the victim of a mole: the Velodrome Finance protocol was robbed of $350,000 by one of its team members.

