A blockchain audit firm is investigating how hackers got access to nearly 8,000 private keys used to exfiltrate cryptocurrencies from Solana (SOL)-based wallets.
On August 3, attackers managed to steal approximately $5 million worth of SOL and SPL tokens issued on Solana. Ecosystem participants and security companies are working together to uncover the complexities of this incident.
Solana is working closely with Phantom and Slope, SOL wallet providers whose users were affected by the hack. It was later revealed that some of the leaked private keys were directly related to Slope.
Blockchain audit and security firms Otter Security and SlowMist are supporting the ongoing investigation. Cointelegraph spoke with them about what the investigation found.
Otter Security founder Robert Chen shared insights from working with Solana and Slope to directly access affected resources. Chen confirmed that some of the affected wallets had private keys that existed in plaintext on Slope’s Sentry log server.
“The prevailing theory is that the attackers somehow exfiltrated these logs and used them to gain unauthorized access to users. This is still an ongoing investigation and the current evidence cannot account for all compromised accounts.”
Chen also told Cointelegraph that about 5,300 private keys that were not part of the exploit were found on Sentry instances. Nearly half of these addresses still have tokens left in them, and users are encouraged to move those tokens if they haven’t done so already.
The SlowMist team reached similar conclusions after being invited by Slope to analyze the exploit. The team also notes that the Slope wallet’s Sentry service collected users’ mnemonic phrases and private keys and sent them to ‘o7e.slope.finance’. They said they were unable to find any evidence to explain how the credentials were stolen.
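The failure mode described above, secrets travelling inside telemetry events, can be blocked on the client before an event leaves the device. The following is an added example, not code from Slope, Sentry or the investigators: a scrubber with the `(event, hint)` shape of a Sentry SDK `before_send` callback, where the field names, patterns and sample event are assumptions constructed for illustration.

```python
import re

# Assumed field names a wallet client might use for secret material.
SENSITIVE_KEYS = re.compile(r"mnemonic|seed|private[_-]?key|secret", re.I)
# 12 to 24 lowercase words of 3-8 letters: the shape of an English BIP-39 phrase.
MNEMONIC = re.compile(r"\b(?:[a-z]{3,8} ){11,23}[a-z]{3,8}\b")
# A 64-byte Solana secret key is 87-88 base58 characters; 32-byte addresses
# (43-44 characters) fall outside this range and are kept.
BASE58_KEY = re.compile(r"\b[1-9A-HJ-NP-Za-km-z]{80,90}\b")
# The same key material written as hex (32 or 64 bytes).
HEX_KEY = re.compile(r"\b[0-9a-fA-F]{64,128}\b")
REDACTED = "[redacted]"

def scrub_text(text):
    """Redact anything shaped like a secret; false positives are accepted."""
    for pattern in (MNEMONIC, BASE58_KEY, HEX_KEY):
        text = pattern.sub(REDACTED, text)
    return text

def scrub(value, key=""):
    """Walk an event recursively, redacting by field name and by value shape."""
    if SENSITIVE_KEYS.search(key):
        return REDACTED
    if isinstance(value, dict):
        return {k: scrub(v, str(k)) for k, v in value.items()}
    if isinstance(value, (list, tuple)):
        return [scrub(v) for v in value]
    if isinstance(value, str):
        return scrub_text(value)
    return value

def before_send(event, hint=None):
    """Hook with the (event, hint) signature; returns the scrubbed event."""
    return scrub(event)

# Constructed sample event (not data from the incident).
SAMPLE_EVENT = {
    "message": "import failed for phrase: " + " ".join(["abandon"] * 11 + ["about"]),
    "extra": {"privateKey": "5" * 88, "wallet": "W" * 44},
    "breadcrumbs": [{"data": {"body": "key=" + "3" * 88}}],
}

if __name__ == "__main__":
    print(before_send(SAMPLE_EVENT))
```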
Chainalysis, a blockchain analytics company, shared its initial findings online. Chainalysis also notes that the exploit primarily affected users who imported accounts to or from Slope.Finance.
While the incident spared Solana the brunt of the exploit, it highlighted the need for auditing services for wallet providers. SlowMist recommends having the wallet audited by multiple security companies before releasing it, and advocates the need for open source development to improve security.
Otter Security’s Chen said some wallet providers were “going under the radar” when it comes to security when compared to decentralized applications. He hopes the incident will change user sentiment about wallets and verification by external security partners.