2 years ago
Following the Solana wallet attack, the Solana Status squad updated the nationalist and elaborate that the wallet addresses affected by the breach were tied to Slope mobile wallet applications. The squad further stressed that “there is nary grounds the Solana protocol oregon its cryptography was compromised.”
Solana Status Report Says Affected Addresses Were astatine One Point Created successful Slope Mobile Wallet Applications
During the past 48 hours, the Solana squad has been dealing with an attack that saw thousands of Solana-based wallets compromised. At the time, Solana Labs co-founder and CEO Anatoly Yakovenko thought the exploit perchance stemmed from a proviso concatenation attack. He explained that iOS and Android wallets were affected erstwhile helium said: “most of the reports are Slope, but a fewer Phantom users arsenic well.”
On August 3, 2022, the Solana Status Twitter relationship explained that the addresses affected successful the hack were tethered to Slope mobile wallet applications. “After an probe by developers, ecosystem teams, and information auditors, it appears affected addresses were astatine 1 constituent created, imported, oregon utilized successful Slope mobile wallet applications,” Solana Status wrote. “This exploit was isolated to 1 wallet connected Solana, and hardware wallets utilized by Slope stay secure.” Solana Status said:
While the details of precisely however this occurred are inactive nether investigation, backstage cardinal accusation was inadvertently transmitted to an exertion monitoring service. There is nary grounds the Solana protocol oregon its cryptography was compromised.
Slope Finance published an official statement from the wallet squad and breach details are vague. Slope said “A cohort of Slope wallets were compromised successful the breach, we person immoderate hypotheses arsenic to the quality of the breach, but thing is yet firm, [and] we consciousness the community’s pain, and we were not immune. Many of our ain unit and founders’ wallets were drained.” Slope besides added that the squad was actively conducting interior investigations and audits, portion moving with information and audit groups.
Security Experts Say Slope’s Seed Phrases Were Logged successful Readable Plaintext
During the authoritative statement, the Slope squad further recommended that Slope wallet users “create a caller and unsocial effect operation wallet, and transportation each assets to this caller wallet.” Slope added:
If you are utilizing a hardware wallet, your keys person not been compromised.
Data from Dune Analytics shows that determination were much unsocial addresses that were affected by the breach than initially reported. Statistics amusement that 9,223 unsocial addresses suffered from the bug and $4,088,121 successful crypto was stolen. Most of the assets hacked were made up of solana (SOL) and SOL-based USDC.
It is being said that Slope’s mnemonic effect phrases transferred to Slope’s server were logged successful readable text. The Slope wallet squad allegedly stored the mnemonics successful debug logging bundle via a centralized Sentry server. Security experts astatine Ottersec detailed that “anybody with entree to Sentry could entree [a] user’s backstage keys.” Ottersec besides noted that the Slope squad was “very adjuvant successful sharing information related to the hack.”
What bash you deliberation astir the issues with Slope wallet and the caller exploit that affected Solana users? Let america cognize your thoughts astir this taxable successful the comments conception below.
English (US) 