Solana exploit related to imported Slope Finance wallets, private keys revealed
As first reported by CryptoSlate early Wednesday morning, a critical exploit drained thousands of crypto wallets with funds. However, a follow-up article revealed more information about connecting to Slope Finance.
Information about the origin of the exploit has finally come to light. Slope released a statement on Wednesday night advising all wallet owners to move funds in wallets that have been imported into Slope. The warning has been expanded to advice stating, “We do not recommend using the same seed phrase that was used with Slope on this new wallet.”
Phantom, another Solana wallet that many users were using when their funds ran out, released a statement identifying “issues related to importing accounts to and from Slope Finance.”
1/ Phantom has reason to believe that the reported exploit was due to a complex issue related to importing and importing accounts. @slope_finance.
We are continuing to actively work to identify if there were other vulnerabilities that could have caused this incident. https://t.co/W5B19gbMJX
— Phantom (@phantom) August 3, 2022
The Solana Status Twitter account, operated by the Solana Foundation, also issued a statement confirming its relationship with the Slope mobile wallet.
After investigation by developers, ecosystem teams, and security auditors, it appears that the affected addresses were created, imported, or used by the Slope mobile wallet application at some point. 1/2
— Solana Status (@SolanaStatus) August 3, 2022
In a Twitter thread, the Solana Foundation revealed that “private key information was mistakenly submitted to an application monitoring service.”
A silver lining to the tragic story can not be displayed It would be a blockchain or seed generation issue. A cryptographic proof flaw in the Solana blockchain could have devastating effects on the entire crypto ecosystem. However, this no longer appears to be an issue, as the Solana Foundation asserts that “there is no evidence that the Solana protocol or its cryptography have been compromised.”
In a screenshot of the Moon Rank NFT log, Foobar highlighted the possible inclusion of private keys and mnemonic phrases within Slope API calls. The POST request appears to be sent via SSL encryption, but the fact that it contains a seed phrase is annoying. A possible cause was a man-in-the-middle attack that allowed malicious actors to intercept communications between her two parties and steal sensitive information.
MITM logs from @moonrankNFT Indicates a mnemonic passed to the Slope server via a POST request.Wallet name is pure coincidence pic.twitter.com/qL9C49ipvV
— Hoover (@0xfoobar) August 3, 2022
Somewhat worryingly, users still claim to have never used Slope. [their] life”, but their wallets were still depleted. Users report that their Trust Wallet accounts have been drained of funds, but these accounts are limited.
The total amount lost to the exploit is still unknown, but a figure as high as $580 million has been reported. wallet was flagged by SolScan as being involved in an exploit with a balance of $570 million. However, most of these funds are from his EXIST tokens and are not tracked by either CoinMarketCap or CoinGecko, making it more likely that the amount of liquid utilized is less than $10 million. increase.
Binance Founder and CEO CZ asked all users who used a wallet with Slope Finance to either move their funds to a new wallet or to Binance if they don’t understand the term “private key or seed phrase”. We recommend moving.
If you have used the Slope wallet (for SOL) in the past, move your funds to another wallet as soon as possible. Do not “import” your old wallet. Use a new private key or seed phrase.If you don’t know what these words mean, use SOL @Binance. The easy way. https://t.co/t1lYcgaX5z
— CZ🔶 Binance (@cz_binance) August 3, 2022
