Solana Slope Wallet Hack Cost Users 8 Million Dollars
8/5/2022, 06:32 AM
The hack against Solana wallets is believed to have been caused by the wallet software Slope, which compromised private keys. An initial investigation showed that the affected addresses were probably all either generated by Slope's mobile wallet application and then possibly imported elsewhere, or at least managed within this app at some point, the makers of Solana said.
Apparently, private keys were then unintentionally transferred to a service Slope used for monitoring the application, the Solana project explains. It remains unclear which service this was and whether the attackers were able to grab the keys there. Details are still being investigated. Neither the protocol nor the cryptography of Solana was compromised in this case, Solana emphasized.
Slope has now accepted at least part of the blame. An investigation by the security firm Ottersec showed that Slope's mobile wallet sent cryptographic seeds to its own server. The transfer was protected by TLS transport encryption, but on the server the seeds were stored in plain text in log files, according to Ottersec. Anyone with access to the server could have helped themselves. All keys a wallet uses can be derived from its cryptographic seed, so whoever holds the seed controls all associated balances.
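An added example, not Slope's code and not part of the original article: a Python logging filter that scrubs secret material before a record reaches a log file or a monitoring service, which is the failure described above. The patterns for mnemonic phrases and base58 keys, the logger name and the sample values are assumptions constructed for illustration.

```python
import logging
import re

# Assumption: a seed phrase shows up as 12 or more consecutive lowercase
# words of 3-8 letters. Over-redaction is the safe direction for telemetry.
MNEMONIC_RE = re.compile(r"\b(?:[a-z]{3,8}[ ,]+){11,}[a-z]{3,8}\b")
# Assumption: a raw secret key shows up as one long base58 string.
BASE58_KEY_RE = re.compile(r"\b[1-9A-HJ-NP-Za-km-z]{80,90}\b")
REDACTED = "[REDACTED-SECRET]"

# Constructed sample values, not real wallet secrets.
SAMPLE_PHRASE = ("alpha bravo charlie delta echo foxtrot "
                 "golf hotel india juliet kilo lima")
SAMPLE_KEY = "3" + "Ab" * 43


def scrub(text: str) -> str:
    """Replace anything that looks like a seed phrase or secret key."""
    text = MNEMONIC_RE.sub(REDACTED, text)
    return BASE58_KEY_RE.sub(REDACTED, text)


class SecretScrubFilter(logging.Filter):
    """Scrub the fully formatted message, so %-style arguments are covered."""
    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = scrub(record.getMessage())
        record.args = ()
        return True


class ListHandler(logging.Handler):
    """Stands in for a file or remote monitoring sink in this demo."""
    def __init__(self):
        super().__init__()
        self.lines = []

    def emit(self, record: logging.LogRecord) -> None:
        self.lines.append(record.getMessage())


def demo():
    sink = ListHandler()
    sink.addFilter(SecretScrubFilter())  # attach to the sink, not the caller
    log = logging.getLogger("wallet.telemetry.demo")  # hypothetical name
    log.setLevel(logging.INFO)
    log.propagate = False
    log.addHandler(sink)
    log.info("import failed seed=%s", SAMPLE_PHRASE)
    log.info("signer init key=%s", SAMPLE_KEY)
    log.info("balance refreshed in 120 ms")
    log.removeHandler(sink)
    return sink.lines
```

Attaching the filter to every handler that leaves the process means a stray debug statement cannot bypass it; a production version would match against the wallet's actual mnemonic wordlist instead of the word-shape heuristic.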
However, only 1400 of the addresses plundered in the hack were found on the Slope server, Ottersec explained. But many more addresses are affected. This discrepancy and other possible attack vectors are still being investigated. In addition, over 5300 private keys are also located on the server for addresses that have not yet been emptied. So Slope users should immediately transfer their balances to new wallets.
In the hack, thousands of wallets were plundered by unknown attackers on Tuesday and Wednesday. According to figures from the analysis platform Solscan, around 10,500 wallets are affected, and the damage is estimated at over 8.5 million US dollars. The attackers were able to simply carry out transactions as if they were the owners of the wallets, which suggests that private keys were compromised.
The wallet provider Phantom supports the preliminary findings of Solana and Slope: among the Phantom users who were robbed, account imports from and to Slope wallets were probably involved. A statement from the wallet service Solflare also points in this direction: those who only use the Solflare wallet and do not migrate any cryptographic seeds from elsewhere are on the safe side. The suspected causes of the hack are not to be found in the Solflare wallet.
While the wallet maker failed hard, Solana itself is not to blame for any losses. Its protocol is safe. But no matter how safe a blockchain is, if your wallet exposes your private keys, you are very likely to lose your coins.
More about Solana on their website.
After an investigation by developers, ecosystem teams, and security auditors, it appears affected addresses were at one point created, imported, or used in Slope mobile wallet applications. 1/2
- @Solana, August 3, 2022