{"id":451,"date":"2023-01-30T14:02:14","date_gmt":"2023-01-30T12:02:14","guid":{"rendered":"https:\/\/ackeeblockchain.com\/blog\/?p=451"},"modified":"2023-01-31T14:49:29","modified_gmt":"2023-01-31T12:49:29","slug":"2022-solana-hacks-explained-slope-wallet","status":"publish","type":"post","link":"https:\/\/ackee.xyz\/blog\/2022-solana-hacks-explained-slope-wallet\/","title":{"rendered":"2022 Solana Hacks Explained: Slope Wallet"},"content":{"rendered":"<p><span style=\"font-weight: 400;\"><a href=\"https:\/\/slope.finance\/\"><strong>Slope Finance<\/strong><\/a> is a <strong>community-driven full-stack platform<\/strong> that consists of the sectors of <strong>DEX, Wallet, and NFTs<\/strong> built on <strong>Solana<\/strong>. <\/span><\/p>\n<p><strong>What happened<\/strong><\/p>\n<p><span style=\"font-weight: 400;\">On August 2, 2022, an attacker drained <strong>9229<\/strong> wallets of approximately <strong>$4.1M<\/strong> worth of assets.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">On-chain data showed that the malicious <strong>transactions<\/strong> were <strong>signed correctly<\/strong> and, therefore, the <strong>private wallet keys<\/strong> had been <strong>leaked<\/strong> or <strong>compromised<\/strong>. 
The Solana Foundation claimed that <strong>no core code<\/strong> or anything related to the <strong>Solana protocol itself<\/strong> <strong>was involved<\/strong> in the attack; it was isolated to the Slope Wallet provider.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The Slope Finance team published an <strong><a href=\"https:\/\/slope-finance.medium.com\/slope-wallet-sentry-vulnerability-digital-forensics-and-incident-response-report-d7a5904e5a39\">extensive incident report.<\/a><\/strong> Surprisingly, even after intensive <strong>code and server audits<\/strong>, it was still <strong>impossible to explain the exploit<\/strong> incident conclusively.<\/span><\/p>\n<p><b>Exploit Details<\/b><\/p>\n<p><span style=\"font-weight: 400;\">It was confirmed that the <strong>mobile version<\/strong> of the Slope Wallet application <strong>was collecting sensitive information<\/strong> (i.e. private keys) and <strong>transmitting<\/strong> it (over TLS-encrypted HTTPS) to a <strong>third-party monitoring service<\/strong>, <a href=\"https:\/\/sentry.io\/welcome\/\">Sentry<\/a>, where it was stored <strong>unencrypted<\/strong> in an access-secured <strong>central database<\/strong>. According to the report, the investigations showed that <strong>only 5,367<\/strong> wallet private keys were <strong>stored<\/strong> in the database, and <strong>only 1,444 of them<\/strong> were actually <strong>drained<\/strong> by the attacker. There is <strong>no evidence<\/strong> that the <strong>remaining 7,785<\/strong> wallets <strong>affected<\/strong> by the hack were ever <strong>stored<\/strong> in the Sentry database. 
Furthermore, there was <strong>no evidence<\/strong> of any <strong>unwanted access<\/strong> to the server or that the transmission had been compromised to intercept the data.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Therefore, the <strong>investigations remain inconclusive<\/strong>, with further actions from Slope Finance, such as <strong>interviews<\/strong> with potentially <strong>affected users<\/strong> who have <strong>never used Slope Wallet on a mobile device<\/strong> or those whose <strong>pubkey does not appear in the Slope Sentry database<\/strong>. No further results had been published at the time of this writing.<\/span><\/p>\n<p><b>In simple words,<\/b><span style=\"font-weight: 400;\"> we don\u2019t really know what exactly happened. Unlike the <strong><a title=\"2022 Solana Hacks Explained: Wormhole\" href=\"https:\/\/ackeeblockchain.com\/blog\/2022-solana-hacks-explained-wormhole\/\">Wormhole<\/a> <\/strong>hack or the <strong><a title=\"2022 Solana Hacks Explained: Mango Markets\" href=\"https:\/\/ackeeblockchain.com\/blog\/2022-solana-hacks-explained-mango-markets\/\">Mango<\/a><\/strong> exploit, where everything is clear in the aftermath,<\/span><span style=\"font-weight: 400;\">\u00a0the Slope mystery remains unsolved.\u00a0<\/span><span style=\"font-weight: 400;\">Slope keeps claiming that the <strong>problem<\/strong> was on the <strong>Sentry side<\/strong> where the <strong>sensitive data<\/strong> <strong>wasn\u2019t<\/strong> properly <strong>encrypted<\/strong> and <strong>protected<\/strong>.\u00a0<\/span><\/p>\n<p><strong>References<\/strong><\/p>\n<p><a href=\"https:\/\/slope-finance.medium.com\/slope-wallet-sentry-vulnerability-digital-forensics-and-incident-response-report-d7a5904e5a39\">1, <\/a><a href=\"https:\/\/blog.sentry.io\/2022\/08\/10\/slope-wallet-solana-hack\/\">2, <\/a><a 
href=\"https:\/\/solana.com\/news\/8-2-2022-application-wallet-incident\">3<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Slope Finance is a community-driven full-stack platform that consists of the sectors of DEX, Wallet, and NFTs built on Solana. What happened On August 2, 2022 an attacker drained 9229 wallets of approximately $4.1M worth of assets. On-chain data showed that the malicious transactions were signed correctly and, therefore, the private wallet keys had been leaked or compromised. Solana Foundation claimed that&hellip;<\/p>\n","protected":false},"author":15,"featured_media":452,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[84,5],"tags":[],"class_list":["post-451","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hacks","category-solana"],"aioseo_notices":[],"featured_image_src":"https:\/\/ackee.xyz\/blog\/wp-content\/uploads\/2023\/01\/Slope-600x400.png","featured_image_src_square":"https:\/\/ackee.xyz\/blog\/wp-content\/uploads\/2023\/01\/Slope-600x600.png","author_info":{"display_name":"Aleksandra 
Yudina","author_link":"https:\/\/ackee.xyz\/blog\/author\/aleksandra-yudina\/"},"_links":{"self":[{"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/posts\/451","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/users\/15"}],"replies":[{"embeddable":true,"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/comments?post=451"}],"version-history":[{"count":0,"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/posts\/451\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/media\/452"}],"wp:attachment":[{"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/media?parent=451"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/categories?post=451"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/tags?post=451"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}