Notes

Experts find Private Keys on Slope Servers. Still Puzzled over Access

As teams try to figure out how private keys were stolen, blockchain analysis firms involved in the investigation of the Solana exploit explain the latest developments.



Blockchain auditing firms are still trying to figure out how hackers got access to 8,000 private keys that were used to drain Solana's wallets.



Investigations are continuing after attackers managed to steal some $5 million worth of Solana (SOL) and Solana Program Library (SPL) tokens on Wednesday. Ecosystem members and security firms are working together to discover the details of the incident.



Solana has been close to Phantom and Slope. Azov Finance, two Solana-based wallet provider that were affected by the hacks, had user accounts. Since then, it has been discovered that some of the compromised private keys were linked to Slope.



Blockchain audit and security firm Otter Security and SlowMist supported ongoing investigations and released the findings in direct correspondence to Cointelegraph.



Otter Security founder Robert Chen provided insights from his first-hand experience with affected resources in collaboration with Solana and Slope. Chen confirmed that a subset of affected wallets contained private keys that were found on Slope's Sentry log servers in plaintext:



Chen also told Cointelegraph that 5,300 private keys that weren't part of the hack were found in the Sentry instance. Nearly half of these addresses still contain tokens, and users are urged to transfer funds if they have not already done so.



After being invited by Slope to investigate the vulnerability the SlowMist team came to a similar conclusion. The Sentry service of Slope Wallet took the user's mnemonic phrase, private key and then transmitted them to o7e.slope.finance. SlowMist was unable to find any evidence that would clarify how the credentials were stolen.



Chainalysis was also approached by Cointelegraph who confirmed that the company was conducting an analysis of blockchains of the incident, after sharing its initial findings online. The vulnerability affected users who imported accounts into or FROM Slope.Finance.



While the incident doesn't exempt Solana from the burden of the exploit The incident has also highlighted the necessity of auditing services for wallet providers. SlowMist recommended that wallets be audited by several security firms prior to being released , and also advocated for open source development to enhance security.



Chen said that a few wallet providers had "flown under the radar" in terms of security when compared to decentralized apps. Chen hopes to see the incident shift user sentiment towards the relationship between wallets and validation from external security partners.


Here's my website: https://azov.tv/