Following the attack on the Solana wallet, the team responsible for analyzing this hack informed the public and clarified that the wallet addresses affected by the hack were linked to the Slope mobile wallet applications. The team also pointed out that “there is no evidence that the Solana protocol or its cryptography has been compromised“.
Solana’s status report indicates that the affected addresses were created at some point in the Slope mobile wallet applications.
Seems like an iOS supply chain attack. Multiple plausible wallets that only received sol and had no interactions beyond receiving have been affected. https://t.co/ne0g3ZmLH5
As well as key that were imported into iOS, and generated externally.https://t.co/hStAr1mU6Q
— SMS aey.sol, 🇺🇸 (@aeyakovenko) August 3, 2022
Over the past 48 hours, the Solana team had to deal with an attack that compromised thousands of Solana-based wallets. At the time, Solana Labs co-founder and CEO Anatoly Yakovenko said the following thought that the exploit likely came from a supply chain attack. He explained that iOS and Android wallets were affected when he said: “most of the reports come from Slope, but also from a few Phantom users.”
On August 3, 2022, the Twitter account explained that the addresses affected by the hack were linked to the Slope mobile wallet applications. “After investigation by developers, ecosystem teams, and security auditors, it appears that the affected addresses were at some point created, imported, or used in Slope mobile wallet apps.“, writes Solana Status. “This exploit has been isolated to a wallet on Solana, and hardware wallets used by Slope remain secure.” Solana Status said:
Although the details of exactly how this happened are still being investigated, information about the private keys was inadvertently passed to an application monitoring service. There is no evidence that the Solana protocol or its cryptography has been compromised.
This exploit was isolated to one wallet on Solana, and hardware wallets used by Slope remain secure.
While the details of exactly how this occurred are still under investigation, but private key information was inadvertently transmitted to an application monitoring service. 2/3
— Solana Status (@SolanaStatus) August 3, 2022
Slope Finance released an official statement on the hack and its liability: “A cohort of Slope wallets have been compromised in the breach, we have some guesses as to the nature of the breach, but nothing is firm yet, [et] we feel the pain of the community, and we weren’t immune. The wallets of several of our employees and founders have been emptied.Slope also added that the team is actively conducting internal investigations and audits, while working with security and audit groups.
Security experts claim that Slope’s boot phrases were recorded in clear, readable text.
During the official statement, the Slope team recommended Slope wallet users to “create a new single wallet with a seed phrase and transfer all assets to this new wallet“. Slope added:
If you are using a hardware wallet, your keys have not been compromised.
Data from Dune Analytics shows that the number of unique addresses affected by the breach is higher than originally announced. Statistics show that 9,223 unique addresses were affected by the bug and $4,088,121 in crypto was stolen. Most of the hacked assets consisted of SOL-based solana and USDC.
Over $4M was drained from Solana wallets over the past 2 days. We’ve been working directly with @solana and @slope_finance to investigate.
Here’s what we found. pic.twitter.com/Ny1gwuJfIb
— OtterSec (@osec_io) August 4, 2022
He’s doing said that Slope’s mnemonic phrases uploaded to Slope’s server were saved in readable text. The Slope Wallet team allegedly stores the mnemonics in debugging software through a centralized Sentry server. Ottersec Security Experts detailed that “anyone with access to Sentry could access users’ private keys“. Ottersec also noted that the Slope team has been “very useful in sharing data related to hacking.”
We have independently confirmed that Slope’s mobile app sends off mnemonics via TLS to their centralized Sentry server.
These mnemonics are then stored in plaintext, meaning anybody with access to Sentry could access user private keys. pic.twitter.com/PkCFTeQgOP
— OtterSec (@osec_io) August 4, 2022
To display Hide the table of contents