Post Friends My journal
dartwalker

The Slope wallet sent users' LED phrases to a centralized server

Aug 05, 2022 06:01







Security researchers at Otter claim that they have established what could have caused the sensational mass attack affecting almost 8000 crypto wallets in the Solana ecosystem. They found that the Slope wallet provider was sending recovery phrases to a centralized server, which saved them as readable text.
On Thursday morning, Otter, a security company specializing in the Solana blockchain, reported that the Slope wallet application was sending users' initial phrases to a centralized server. Slope hired this server from a company called Sentry.

The Otter researchers added that the original phrases transmitted to the Slope server were saved as human-readable text. Since the phrases were not encrypted, anyone with access to the Sentry server could potentially gain access to the users' private keys. The low security standard probably led to hacking, which gave hackers the opportunity to get the source phrases and siphon funds.

"We have independently confirmed that the Slope mobile app sends mnemonic data via TLS [Transport Layer Security] to their centralized Sentry server," Otter researchers wrote in a tweet.

Meanwhile, Slope has issued a statement saying that it does not have a clear answer to the question about the reason for the violation.

"We have some hypotheses about the nature of the violation, but there is nothing solid yet," the report says.

As a security measure, Slope advised all its past users to transfer funds by creating other wallets with unique initial phrases.

The analysis of the Otter blockchain showed that at the moment hackers have stolen $ 4 million. Previous estimates by firms such as Elliptic and Anchain have established that the amount of the exploit is at least $5 million. These funds can be located in four Solana wallets.

https://coin-signal.com/cryptonews/the-slope-wallet-sent-users-led-phrases-to-a-centralized-server/
#Centralized, #Cryptonews, #Fraud, #Hack, #Led, #PATTERN, #Phrases, #Sent, #Server, #Slope, #Users, #Wallet
#CryptoNews, #HackFraud

#users, wallet, users, #server, #sent, server, sent, #hackfraud, #cryptonews, phrases, fraud, #phrases, #wallet, #slope, hack, slope, pattern, #pattern, #hack, led, centralized, #centralized, #led, #fraud, cryptonews

Leave a comment

Previous post Next post
Up
Homepage Read journal... Full version Help Русская версия
© 1999-2025 LiveJournal, Inc.