Solana's Investigation Indicates Wallet Exploit Tied to Slope Mobile App

Solana's Investigation Indicates Wallet Exploit Tied to Slope Mobile App
Blockchain News
Like? Do Rank It! Likes

Following the Solana wallet attack, the Solana Status team updated the public and detailed that the wallet addresses affected by the breach were tied to Slope mobile wallet applications. The team further stressed that “there is no evidence the Solana protocol or its cryptography was compromised.”

Solana Status Report Says Affected Addresses Were at One Point Created in Slope Mobile Wallet Applications

During the last 48 hours, the Solana team has been dealing with an that saw thousands of Solana-based wallets compromised. At the time, Solana Labs co-founder and CEO Anatoly Yakovenko the exploit possibly stemmed from a supply chain attack. He explained that iOS and Android wallets were affected when he : “most of the reports are Slope, but a few Phantom users as well.”

On August 3, 2022, the Solana Status Twitter account explained that the addresses affected in the hack were tethered to Slope mobile wallet applications. “After an investigation by developers, ecosystem teams, and security auditors, it appears affected addresses were at one point created, imported, or used in Slope mobile wallet applications,” Solana Status wrote. “This exploit was isolated to one wallet on Solana, and hardware wallets used by Slope remain secure.” Solana Status :

While the details of exactly how this occurred are still under investigation, private key information was inadvertently transmitted to an application monitoring service. There is no evidence the Solana protocol or its cryptography was compromised.

Slope Finance published an official statement from the wallet team and breach details are vague. Slope said “A cohort of Slope wallets were compromised in the breach, we have some hypotheses as to the nature of the breach, but nothing is yet firm, [and] we feel the community’s pain, and we were not immune. Many of our own staff and founders’ wallets were drained.” Slope also added that the team was actively conducting internal investigations and audits, while working with security and audit groups.

Security Experts Say Slope’s Seed Phrases Were Logged in Readable Plaintext

During the official statement, the Slope team further recommended that Slope wallet users “create a new and unique seed phrase wallet, and transfer all assets to this new wallet.” Slope added:

If you are using a hardware wallet, your keys have not been compromised.

from Dune Analytics shows that there were more unique addresses that were affected by the breach than initially reported. Statistics show that 9,223 unique addresses suffered from the bug and $4,088,121 in crypto was stolen. Most of the assets hacked were made up of solana (SOL) and SOL-based USDC.

It is being that Slope’s mnemonic seed phrases transferred to Slope’s server were logged in readable text. The Slope wallet team allegedly stored the mnemonics in debug logging software via a centralized Sentry server. Security experts at Ottersec detailed that “anybody with access to Sentry could access [a] user’s private keys.” Ottersec also noted that the Slope team was “very helpful in sharing data related to the hack.”

, , Anatoly Yakovenko, Dune Analytics, , , Hackers, , , Slope App, Slope Finance, Slope Mobile, Slope Wallet, SOL, SOL wallet hack, SOL-based USDC, Solana, Solana Labs CEO, Solana Labs co-founder, Solana Wallet Exploit, Vulnerability

What do you think about the issues with Slope wallet and the recent exploit that affected Solana users? Let us know your thoughts about this subject in the comments section below.

Solana Suffers Exploit — Close to 8,000 SOL-Based Wallets Have Been Compromised
ALTCOINS | 1 day ago
The Number of Euro-Pegged Stablecoins Has Swelled 1,683% Since 2020
ALTCOINS | 3 days ago

More Popular News

In Case You Missed It

Following a Brief Fee Spike, Gas Prices to Move Ethereum Drop 76% in 12 Days

Transaction fees on the Ethereum network are dropping again after average fees saw a brief spike on April 5 jumping to $43 per transfer. 12 days later, average ether fees are close to dropping below $10 per transaction and median-sized ... read more.

NFT Sales Volume Saw a Small Uptick This Week — Moonbirds, Mutant Apes Take Top Sales
UAE Airliner Emirates to Launch NFTs and Experiences in the Metaverse
Privacy-Centric Monero Plans for July Hard Fork, Plans Include Ring Signature, Bulletproof Upgrade
Fed's Bullard Wants to Raise Bank Rate to 3.5% by Year's End, Hints at 75 Basis Point Rate Hike
Crypto Daily - Crypto And Financial News 11/08/2022 Ripple Buying Celsius?
japan eu eth/usd
5 hours ago

In Todays Headline TV CryptoDaily News: BitPay partners Cardlytics for cash back rewards. BitPay, the world’s largest provider of Bitcoin and cryptocurrency payment services, added a reward program to its BitPay Prepaid Card. Cardlytics, a cash-back rewards platform, is managing the rewards where the BitPay cardholder automatically receives cash back on purchases. Hackers have stolen $1.4 billion this year using crypto bridges. Crypto bridges, which link blockchain networks together, have become major targets for cybercriminals. A total of around $1.4 billion has been lost to breaches on cross-chain bridges this year, according to figures from blockchain analytics firm Chainalysis. Ripple Labs 'interested' in bankrupt crypto lender Celsius' assets. San Francisco-based blockchain payments company Ripple Labs Inc is interested in potentially purchasing assets of bankrupt crypto lender Celsius Network, according to a company spokesperson. BTC/USD exploded 2.9% in the last session. The Bitcoin-Dollar pair exploded 2.9% in the last session. The Stochastic indicator is giving a negative signal. Support is at 22289.6667 and resistance at 24337.6667. The Stochastic indicator is giving a negative signal. ETH/USD skyrocketed 7.5% in the last session. The Ethereum-Dollar pair skyrocketed 7.5% in the last session. According to the CCI, we are in an overbought market. Support is at 1599.2733 and resistance at 1841.3733. The CCI points to an overbought market. XRP/USD skyrocketed 2.6% in the last session. The Ripple-Dollar pair skyrocketed 2.6% in the last session. The MACD is giving a negative signal. Support is at 0.3499 and resistance at 0.3887. The MACD is currently in negative territory. LTC/USD skyrocketed 4.3% in the last session. The Litecoin-Dollar pair gained 4.3% in the last session after rising as much as 5.2% during the session. The Stochastic-RSI is giving a negative signal. Support is at 55.5833 and resistance at 64.6433. The Stochastic-RSI is currently in negative territory. Daily Economic Calendar: IE Consumer Price Index The Consumer Price Index is a measure of price movements made by comparing the retail prices of a representative shopping basket of goods and services. The Irish Consumer Price Index will be released at 10:00 GMT, Japan's Foreign Investment in Japan Stocks at 23:50 GMT, the US Continuing Jobless Claims at 12:30 GMT. JP Foreign Investment in Japanese Stocks Securities investment referrers to bonds issued in a domestic market by a foreign entity in the domestic market’s currency. US Continuing Jobless Claims The Counting Jobless Claims measure the number of individuals who are unemployed and are currently receiving unemployment benefits. JP Foreign Bond Investment The Foreign Bond Investment refers to bonds issued in a domestic market by a foreign entity in the domestic market’s currency. Japan's Foreign Bond Investment will be released at 23:50 GMT, the US Initial Jobless Claims at 12:30 GMT, the Irish HICP at 10:00 GMT. US Initial Jobless Claims The Initial Jobless Claims is a measure of the number of people filing first-time claims for state unemployment insurance. IE HICP The HICP is a measure of price movements or inflation harmonized across EU Member States. It is similar to the national Consumer Price Indices (CPI). Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

BlackRock announces the launch of a new private spot Bitcoin trust
19 hours ago

The move comes one week after its partnership with Coinbase to provide institutional clients with crypto trading access.