{"id":451,"date":"2023-01-30T14:02:14","date_gmt":"2023-01-30T12:02:14","guid":{"rendered":"https:\/\/ackeeblockchain.com\/blog\/?p=451"},"modified":"2023-01-31T14:49:29","modified_gmt":"2023-01-31T12:49:29","slug":"2022-solana-hacks-explained-slope-wallet","status":"publish","type":"post","link":"https:\/\/ackee.xyz\/blog\/2022-solana-hacks-explained-slope-wallet\/","title":{"rendered":"2022 Solana Hacks Explained: Slope Wallet"},"content":{"rendered":"

Slope Finance<\/strong> <\/a>is a community-driven full-stack platform<\/strong> that consists of the sectors of DEX, Wallet, and NFTs<\/strong> built on Solana<\/strong>. <\/span><\/p>\n

What happened<\/strong><\/p>\n

On August 2, 2022 an attacker drained 9229<\/strong> wallets of approximately $4.1M<\/strong> worth of assets.<\/span><\/p>\n

On-chain data showed that the malicious transactions<\/strong> were signed correctly<\/strong> and, therefore, the private wallet keys<\/strong> had been leaked<\/strong> or compromised<\/strong>. Solana Foundation claimed that no core code<\/strong> or anything related to Solana protocol itself<\/strong> was involved<\/strong> in the attack; it was isolated to the Slope Wallet provider.<\/span><\/p>\n

The Slope Finance team published an extensive incident report.<\/a><\/strong> Surprisingly, even after intensive code and server audits<\/strong>, it was still impossible to explain the exploit<\/strong> incident conclusively.<\/span><\/p>\n

Exploit Details<\/b><\/p>\n

It had been confirmed that the mobile version<\/strong> of Slope Wallet application was collecting sensitive information<\/strong> (i.e. private keys) and transmitting<\/strong> it (using HTTPS TLS encryption) to a third-party monitoring service<\/strong> Sentry<\/a>, where it was stored un-encrypted<\/strong> in an access-secured central database<\/strong>. According to the report, the investigations showed that only 5,367<\/strong> wallet private keys were stored<\/strong> in the database, and only 1,444 of them<\/strong> were actually drained<\/strong> by the attacker. There is no evidence<\/strong> that the remaining 7,785<\/strong> wallets affected<\/strong> by the hack have ever been stored<\/strong> in the Sentry database. Furthermore, there was no evidence<\/strong> of any unwanted access<\/strong> to the server or that the transmission would be compromised to intercept the data.<\/span><\/p>\n

Therefore, the investigations remain inconclusive<\/strong> with further actions from Slope Finance, such as interviews<\/strong> with potentially affected users<\/strong> that have never used Slope Wallet on a mobile device<\/strong> or those whose pubkey does not appear in Slope Sentry database<\/strong>. Any further results were not published at the time of this writing.<\/span><\/p>\n

In simple words,<\/b> we don\u2019t really know what exactly happened. Unlike the Wormhole<\/a> <\/strong>hack or the Mango<\/a><\/strong> exploit, where everything is clear in the aftermath,<\/span>\u00a0the Slope’s mystery remains unsolved.\u00a0<\/span>Slope keeps claiming that the problem<\/strong> was on the Sentry side<\/strong> where the sensitive data<\/strong> wasn\u2019t<\/strong> property encrypted<\/strong> and protected<\/strong>.\u00a0<\/span><\/p>\n

References<\/strong><\/p>\n

1, <\/a>2, <\/a>3<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Slope Finance is a community-driven full-stack platform that consists of the sectors of DEX, Wallet, and NFTs built on Solana. What happened On August 2, 2022 an attacker drained 9229 wallets of approximately $4.1M worth of assets. On-chain data showed that the malicious transactions were signed correctly and, therefore, the private wallet keys had been leaked or compromised. Solana Foundation claimed that…<\/p>\n","protected":false},"author":15,"featured_media":452,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[84,5],"tags":[],"class_list":["post-451","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hacks","category-solana"],"aioseo_notices":[],"aioseo_head":"\n\t\t\n\t\n\t\n\t\n\t\n\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t