After the Solana wallet attack, the Solana Status team updated the public and detailed that the addresses of the affected wallets are linked to Slope’s mobile wallet apps. The team further stressed that “there is no evidence that the Solana protocol or its encryption has been compromised.”
Solana status report says affected addresses were created at one point in Slope Mobile Wallet apps
For the past 48 hours, Solana’s team has been dealing with an attack that compromised thousands of Solana’s wallets. At that time, Solana Labs co-founder and CEO was Anatoly Yakovenko Think The exploitation may be the result of an attack on the supply chain. He explained that iOS and Android wallets were affected when he did this He said: “Most reports are from Slope, but also a few Phantom users.”
On August 3, 2022, he released Solana case The Twitter account clarified that the addresses affected by the hack were linked to Slope’s mobile wallet apps. “Following an investigation by developers, ecosystem teams, and security auditors, it appears that at some point the affected addresses were created, imported, or used in Slope mobile wallet apps,” Solana Status wrote. “This vulnerability has been isolated in a single wallet on Solana, and the hardware wallets used by Slope remain secure.” Solana case He said:
While the details of exactly how this happened are still being investigated, the private key information was inadvertently sent to the application monitoring service. There is no evidence that Solana’s protocol or encryption has been compromised.
Published Slope Finance official speech From the wallet team and details of the breach are vague. Slope said: “A group of Slope wallets have been hacked in the event of the hack, and we have some hypotheses about the nature of the hack, but nothing is certain yet. [and] We feel the pain of society and we have not been immune. Many of our employees and founders’ portfolios have been drained.” Slope added that the team was actively conducting internal investigations and audits, while working with the security and audit groups.
Security experts say Slope seed phrases were recorded in readable plain text
During the official statement, the Slope team further recommended that Slope wallet users “create a new and unique initial phrase wallet, and transfer all assets to this new wallet.” Slope added:
If you use a hardware wallet, your keys will not be hacked.
data From Dune Analytics shows that there are more unique addresses affected by the breach than initially reported. Statistics show that 9,223 unique addresses suffered the error and stole $408,8121 in cryptocurrency. Most of the hacked assets consist of solana (SOL) and SOL-based USDC.
It’s running He said Slope seed statements transmitted to the Slope server were logged into readable text. The Slope wallet team allegedly stored the mnemonics in debug logging software via a central Sentry server. Security experts at Ottersec Hinge That “Anyone with access to the Sentry app can access [a] User private keys.” Ottersec also noted that the Slope team was “very helpful in sharing data related to the hack.”
What do you think of the issues with the Slope wallet and the recent exploit that affected Solana users? Tell us your thoughts on this topic in the comments section below.
photo credits: Shutterstock, Pixabay, Wikicommons
disclaimer: This article is for informational purposes only. It is not a direct offer or solicitation of an offer to buy or sell, or a recommendation or endorsement of any products, services or companies. Bitcoin.com It does not provide investment, tax, legal or accounting advice. Neither the Company nor the author shall be liable, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with the use of or reliance on any content, goods or services mentioned in this article.