[Update V] **WARNING** Millions Already Drained in Continuing Solana Based Wallet Hack


To review the original base article, click here.

To review 'Update II', click here

To review 'Update III', click here

To review 'Update IV', click here

August 3, 2022 @ 20: ET

Solana has published new details about today’s attack [...] This afternoon, Solana Status confirmed that the addresses affected by the attack “were at one point created, imported, or used in Slope mobile wallet applications.” It added that private key information was accidentally transmitted to an application monitoring service. It said that further details “are still under investigation.” Though thousands of wallets were drained, Solana confirmed that the exploit was confined to just one Solana wallet. It added that the Solana protocol itself remains secure. Furthermore, the attack only affected Slope’s downloadable wallet app. Slope hardware wallets are still secure.

[Dalton, M. Solana and Slope Confirm Wallet Security Breach. (Accessed August 3, 2022)].

Likewise, Slope published an Official Statement regarding the breach, addressed to the 'Slope Community'. Quoting directly from the statement:

Here is what we know at this juncture regarding the breaches to our user base:

  • A cohort of Slope wallets were compromised in the breach
  • We have some hypotheses as to the nature of the breach, but nothing is yet firm
  • We feel the community’s pain, and we were not immune. Many of our own staff and founders’ wallets were drained

Actions we are taking:

  • We are actively conducting internal investigations and audits, working with top external security and audit groups
  • We are working with developers, security experts, and protocols from throughout the ecosystem to work to identify and rectify.

While we have not fully confirmed the nature of the breach, in the spirit of safeguarding our user base, we recommend ALL Slope users do the following: Create a new and unique seed phrase wallet, and transfer all assets to this new wallet. Again, we do not recommend using the same seed phrase on this new wallet that you had on Slope. [...] We are still actively diagnosing, and are committed to publishing a full post mortem, earning back your trust, and making this as right as we can.

[Slope Finance. Slope’s Official Statement Regarding the Breach. (Accessed August 3, 2022)].

"The silver lining in a tragic tale is that the issue does not appear to be a blockchain or seed generation issue. A flaw in the Solana blockchain’s cryptographic proofs could have devastating effects on the entire crypto ecosystem. However, this no longer seems to be on the cards, and the Solana Foundation affirmed that “there is no evidence the Solana protocol or its cryptography was compromised”" [Wright, L. Solana exploit related to imported Slope Finance wallets, private keys revealed. (Accessed August 3, 2022)].

In a screenshot of logs from Moon Rank NFT, Foobar highlighted the possible inclusion of private keys and mnemonic phrases within a Slope API call. While the POST request appears to have been sent over SSL encryption, the fact that a seed phrase is included is troubling. A possible cause would have been a man-in-the-middle attack where a malicious actor can listen to communications between two parties to steal sensitive information.

[Id].
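The failure described above, key material ending up in data sent to a monitoring service, is the kind of leak a client-side scrubber applied to every outgoing telemetry event is meant to stop. The sketch below is an added example, not code from Slope, Solana or any monitoring vendor; the patterns, field names and the sample event are assumptions chosen for illustration.

```python
import re

# Heuristics assumed for this example (not taken from any wallet's code):
# 12-24 lowercase words of 3-8 letters look like a BIP-39 mnemonic;
# 85-90 base58 characters look like an encoded 64-byte secret key;
# 64 integers in 0-255 look like an exported keypair byte array.
MNEMONIC = re.compile(r"\b(?:[a-z]{3,8}\s+){11,23}[a-z]{3,8}\b")
BASE58_KEY = re.compile(r"\b[1-9A-HJ-NP-Za-km-z]{85,90}\b")
BYTE_ARRAY = re.compile(r"\[\s*(?:\d{1,3}\s*,\s*){63}\d{1,3}\s*\]")
SENSITIVE_FIELD = re.compile(r"mnemonic|seed|secret|private", re.IGNORECASE)
REDACTED = "[REDACTED]"


def scrub_value(text):
    """Redact secret-looking substrings inside a free-form string."""
    for pattern in (BYTE_ARRAY, BASE58_KEY, MNEMONIC):
        text = pattern.sub(REDACTED, text)
    return text


def is_key_bytes(value):
    return (isinstance(value, list) and len(value) == 64 and
            all(isinstance(b, int) and 0 <= b <= 255 for b in value))


def scrub_event(event):
    """Return a copy of a telemetry event that is safe to send off-device."""
    if is_key_bytes(event):
        return REDACTED
    if isinstance(event, dict):
        return {k: REDACTED if SENSITIVE_FIELD.search(str(k)) else scrub_event(v)
                for k, v in event.items()}
    if isinstance(event, list):
        return [scrub_event(v) for v in event]
    if isinstance(event, str):
        return scrub_value(event)
    return event


if __name__ == "__main__":
    # Constructed sample event; the phrase is placeholder words, not a real seed.
    phrase = "alpha bravo charlie delta echo foxtrot golf hotel india juliet kilo lima"
    sample = {
        "endpoint": "https://telemetry.example.invalid/events",
        "message": "Import failed for: " + phrase,
        "extra": {"mnemonic": phrase, "attempt": 3},
        "breadcrumbs": ["key=" + "abc" * 29, list(range(64))],
    }
    print(scrub_event(sample))
```

The patterns deliberately over-match (a transaction signature or a long lowercase sentence is redacted too), which is the safe direction for data leaving the device.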
