Experts find private keys on Slope servers, still puzzled over access

Read full article at Cointelegraph.com News.

Blockchain auditing firms are still trying to figure out how hackers gained access to about 8,000 private keys used to drain Solana-based wallets. 

Investigations are ongoing after attackers managed to steal some $5 million worth of SOL and SPL tokens on Aug. 3. Ecosystem participants and security firms are assisting in uncovering the intricacies of the event.

Solana has worked closely with Phantom and Slope.Finance, the two SOL wallet providers that had user accounts affected by the exploits. It has since emerged that some of the private keys that were compromised were directly tied to Slope.

Blockchain audit and security firms Otter Security and SlowMist assisted in ongoing investigations and unpacked their findings in direct correspondence with Cointelegraph.

Otter Security founder Robert Chen shared insights from first-hand access to affected resources in collaboration with Solana and Slope. Chen confirmed that a subset of affected wallets had private keys which were present on Slope’s Sentry logging servers in plaintext:

“The working theory is that an attacker somehow exfiltrated these logs and were able to use this to compromise the users. This is still an ongoing investigation, and current evidence does not explain all of the compromised accounts.”

Chen also told Cointelegraph that some 5,300 private keys which were not a part of the exploit were found in the Sentry instance. Nearly half of these addresses still have tokens in them – with users urged to move funds if they have not done so already.

The SlowMist team came to a similar conclusion after being invited to analyze the exploit by Slope. The team also noted that the Sentry service of Slope Wallet collected the user’s mnemonic phrase and private key and sent it to o7e.slope.finance. Once again, SlowMist could not find any evidence explaining how the credentials were stolen.

Cointelegraph also reached out to Chainalysis, which confirmed that it was carrying out blockchain analysis on the incident after sharing initial findings online. The blockchain analysis firm also noted that the exploit mainly affected users that had imported accounts to or from Slope.Finance.

While the incident absolves Solana from bearing the brunt of the exploit, the situation has highlighted the need for auditing services of wallet providers. SlowMist recommended that wallets should be audited by multiple security companies before release and called for open source development to increase security.

Chen said that some wallets providers had “flown under the radar” when it came to security when compared to decentralized applications. He hopes to see the incident shift user sentiment towards the relationship between wallets and validation from external security partners.

This article is strictly for informational purposes only. It is not a direct offer or solicitation of an offer to buy or sell, or a recommendation or endorsement of any products, services, or companies. CryptosOnline.com does not provide investment, tax, legal, business or accounting advice. Neither the company nor the author is responsible, directly or indirectly, for any loss or damage caused or alleged to be caused by, or in connection with, the use of or reliance on any content, goods, services or opinions mentioned in this article.

#Bitcoin #Crypto #Cryptocurrency