Bitcoin Forum
November 07, 2024, 08:44:16 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 »  All
  Print  
Author Topic: Solana Slope Wallet Vulnerabilities  (Read 221 times)
vv181 (OP)
Legendary
*
Offline Offline

Activity: 1932
Merit: 1273


View Profile
August 03, 2022, 01:56:54 AM
Last edit: August 05, 2022, 04:45:07 PM by vv181
Merited by Bttzed03 (1), FirmWars (1)
 #1

It seems there are widespread exploit that happens within the Solana ecosystem. The causes are still unknown. A few sources I observed claim that revoking any apps from your Sol wallets doesn't help, looks like there is nothing you can do but migrate your Sol into cold storage or hardware wallet.

Suspected attacker wallets:
- https://solscan.io/account/CEzN7mqP9xoxn2HdyW6fjEJ73t7qaX9Rp2zyS6hb3iEu
- https://solscan.io/account/Htp9MGP8Tig923ZFY7Qf2zzbMUmYneFRAhSp7vSg4wxV

Reposted information from /r/solana:

ONGOING EXPLOIT ACROSS MANY SOLANA DAPPS

There are many gambling sites and NFT mint sites that are suspected to be involved in this attack. Millions of dollars are currently being drained from wallets. We are actively working with teams (including wallet providers) to investigate the issue further and attempt to mitigate the exploit.

PLEASE CHECK YOUR WALLETS TO ENSURE THAT YOUR FUNDS ARE SAFE. CONSIDER MOVING YOUR FUNDS TO A HARDWARE WALLET SUCH AS LEDGER.

Attacker wallets:https://solscan.io/account/CEzN7mqP9xoxn2HdyW6fjEJ73t7qaX9Rp2zyS6hb3iEuhttps://solscan.io/account/Htp9MGP8Tig923ZFY7Qf2zzbMUmYneFRAhSp7vSg4wxV

I will share more updates at https://twitter.com/solblaze_org/status/1554621959870169089 as I continue to receive more information about this attack.

Further relevant information:

https://nitter.net/phantom/status/1554626111535026177
We are working closely with other teams to get to the bottom of a reported vulnerability in the Solana ecosystem. At this time, the team does not believe this is a Phantom-specific issue.

As soon as we gather more information, we will issue an update.

https://nitter.net/solblaze_org/status/1554628258963922944
It seems like this attack is mainly impacting browser and mobile wallets. We are actively working with teams to further investigate the issue and will continue to provide updates as we learn more.

https://nitter.net/solanafm/status/1554636582564417536
The community has identified these 4 wallets as the hackers & we have tagged them on our explorer.

CEzN7mqP9xoxn2HdyW6fjEJ73t7qaX9Rp2zyS6hb3iEu
Htp9MGP8Tig923ZFY7Qf2zzbMUmYneFRAhSp7vSg4wxV
5WwBYgQG6BdErM2nNNyUmQXfcUnB68b6kesxBywh1J3n
GeEccGJ9BEzVbVor1njkBCCiqXJbXVeDHaXDCrBDbmuy



Thoughts? Does any of you here affected?



EDIT:
Some latest update from @SolanaStatus, the Twitter account is run by Solana Foundation.

https://nitter.net/SolanaStatus/status/1554658171934937090
[1]
Engineers from multiple ecosystems, with the help of several security firms, are investigating drained wallets on Solana. There is no evidence hardware wallets are impacted.

This thread will be updated as new information becomes available.

[2]
An exploit allowed a malicious actor to drain funds from a number of wallets on Solana. As of 5am UTC approximately 7,767 wallets have been affected.

The exploit has affected several wallets, including Slope and Phantom. This appears to have affected both mobile and extension.

[3]
Engineers are currently working with multiple security researchers and ecosystem teams to identify the root cause of the exploit, which is unknown at this time.

[4]
There’s no evidence hardware wallets have been impacted – and users are strongly encouraged to use hardware wallets.

Do not reuse your seed phrase on a hardware wallet - create a new seed phrase.

Wallets drained should be treated as compromised, and abandoned.

[5]
If your wallet was one of the 7,767 impacted please complete this survey – engineers are investigating the root cause
https://solanafoundation.typeform.com/to/Rxm8STIT?typeform-source=admin.typeform.com

And here is some shitshow Cheesy
EDIT 3: Many RPC servers have gone offline due to white-hat hackers purposefully DDOSing them to slow down the hacker. Currently, it seems like the main Solana RPC server run by Triton as well as QuickNode and Ankr have gone offline. PLEASE DO NOT DDOS RPC SERVERS! IT ONLY MAKES IT HARDER FOR SOLANA AND DEVS TO DIAGNOSE THE ISSUE.



EDIT1:
Seems the investigation is still ongoing but looks like the community might have found the main culprit, which is the Slope wallet. And one point to note, this vulnerability isn't related to Solana protocol or Daaps.

New updates:

https://nitter.net/SolanaStatus/status/1554921396408647680
After an investigation by developers, ecosystem teams, and security auditors, it appears affected addresses were at one point created, imported, or used in Slope mobile wallet applications. 1/2

This exploit was isolated to one wallet on Solana, and hardware wallets used by Slope remain secure.

While the details of exactly how this occurred are still under investigation, but private key information was inadvertently transmitted to an application monitoring service.  2/3

There is no evidence the Solana protocol or its cryptography was compromised. 3/3

Official statement from Slope Finance:

Dear Slope Community,

Here is what we know at this juncture regarding the breaches to our user base:

    A cohort of Slope wallets were compromised in the breach
    We have some hypotheses as to the nature of the breach, but nothing is yet firm
    We feel the community’s pain, and we were not immune. Many of our own staff and founders’ wallets were drained

Actions we are taking:

    We are actively conducting internal investigations and audits, working with top external security and audit groups
    We are working with developers, security experts, and protocols from throughout the ecosystem to work to identify and rectify

While we have not fully confirmed the nature of the breach, in the spirit of safeguarding our user base, we recommend ALL Slope users do the following:

Create a new and unique seed phrase wallet, and transfer all assets to this new wallet. Again, we do not recommend using the same seed phrase on this new wallet that you had on Slope.

If you are using a hardware wallet, your keys have not been compromised.

We are still actively diagnosing, and are committed to publishing a full post mortem, earning back your trust, and making this as right as we can.

Thank you,
Slope Team



EDIT2:

https://nitter.net/Austin_Federa/status/1554935012386037760
We spun up a Typeform to collect data and the results were clear – of those drained ~60% were Phantom users and 40% Slope users. But after extensive interviews and requests to the community, we couldn't find a single Phantom-forever user who had their wallet drained
~
The investigations are ongoing, and I can't stress enough the importance of creating a new seed phrase in a non-slope wallet, and moving any assets you have in a Slope hot wallet over.

Then go buy a hardware wallet.
~
And what about the ETH users drained?

Turns out, they'd been using their Solana BIP39 phrase in Ethereum, too! So the hacker inadvertently was able to access assets stored on ETH.

From the outside, it was indistinguishable from a supply chain attack.



EDIT3:

https://nitter.net/Zellic_io/status/1554936143220617216
1/ First, the following theories are considered very unlikely and entirely rejected:

- issues in Solana core
- issues in SPL token
- crypto issues (e.g. weak RNGs)
- widespread user devices compromise
- supply chain (compromised libraries)

2/ In the war room, we first hypothesized that wallets may be leaking mnemonics or private keys to Sentry.

After further investigation with the community, this is what we found:

3/ First, let's talk about Sentry.

Sentry is an event logging platform used for reporting errors in apps.

If a certain event occurs in the app, a request containing the details & environment is logged to the company's Sentry.

Many companies use Sentry on websites & mobile.

4/ The Slope Wallet for iOS and Android uses Sentry for event logging.

Any interaction in the app would trigger an event log.

Unfortunately, Slope didn't configure Sentry to scrub sensitive info. Thus, mnemonics were leaked to Sentry

s/o to @sniko_
 for this screenshot: https://pbs.twimg.com/media/FZQ-MU6VQAAHh0a?format=jpg&name=4096x4096

5/ However, Slope has been using Sentry for only 1 week now.

**Hypothetically**, an attacker *with access to Sentry* could go through event logs and steal the thousands of mnemonics leaked in the past week

Then drain thousands of wallets.
~

https://nitter.net/osec_io/status/1555087555351420928
We have independently confirmed that Slope’s mobile app sends off mnemonics via TLS to their centralized Sentry server.
-
These mnemonics are then stored in plaintext, meaning anybody with access to Sentry could access user private keys.
-
Slope has been very helpful in sharing data related to the hack. We received the database 4:45 PM UTC August 3rd and immediately began our investigation. The Sentry logs spanned between July 28th and August 3rd.
-
Approximately 1,400 of the addresses in the exploit were present in Sentry logs. Notably, this does not account for all the hacked addresses.

We are still investigating this discrepancy and possible other vectors.
-
Over 5,300 private keys which were not a part of the exploit were found in the Sentry instance. 2,358 of these addresses have tokens in them. If you used Slope, PLEASE MOVE YOUR FUNDS
ryzaadit
Legendary
*
Online Online

Activity: 2646
Merit: 1261



View Profile
August 03, 2022, 02:02:42 AM
 #2

Not affected, cause I don't use my address for claiming airdrop sir ~XD

As always, in my opinion, the people who are getting this attacked most of the time it's from people are chasing airdrop and minted some free stuff on "Solana" since their network is being used because of its popularity in the past 6-12 month.

▄▄███████▄▄
▄██████████████▄
▄██████████████████▄
▄████▀▀▀▀███▀▀▀▀█████▄
▄█████████████▄█▀████▄
███████████▄███████████
██████████▄█▀███████████
██████████▀████████████
▀█████▄█▀█████████████▀
▀████▄▄▄▄███▄▄▄▄████▀
▀██████████████████▀
▀███████████████▀
▀▀███████▀▀
.
 MΞTAWIN  THE FIRST WEB3 CASINO   
.
.. PLAY NOW ..
TravelMug
Hero Member
*****
Offline Offline

Activity: 2814
Merit: 872



View Profile
August 03, 2022, 03:49:30 AM
 #3

Nah, I don't have SOL to be honest, but for sure there will be some of us here that might be affected by the exploit and hopefully they can migrate to hardware wallet ASAP.

And this is another sad day for crypto users, as the hackers seems to be always just one step of the game from this developers. And again, hopefully they can make a patch immediately.

 
█▄
R


▀▀██████▄▄
████████████████
▀█████▀▀▀█████
████████▌███▐████
▄█████▄▄▄█████
████████████████
▄▄██████▀▀
LLBIT▀█ 
  TH#1 SOLANA CASINO  
████████████▄
▀▀██████▀▀███
██▄▄▀▀▄▄████
████████████
██████████
███▀████████
▄▄█████████
████████████
████████████
████████████
████████████
█████████████
████████████▀
████████████▄
▀▀▀▀▀▀▀██████
████████████
███████████
██▄█████████
████▄███████
████████████
█░▀▀████████
▀▀██████████
█████▄█████
████▀▄▀████
▄▄▄▄▄▄▄██████
████████████▀
........5,000+........
GAMES
 
......INSTANT......
WITHDRAWALS
..........HUGE..........
REWARDS
 
............VIP............
PROGRAM
 .
   PLAY NOW    
tazmantasik
Hero Member
*****
Offline Offline

Activity: 1113
Merit: 507


Don't Get Involved


View Profile
August 03, 2022, 04:06:30 AM
 #4

Not affected, cause I don't use my address for claiming airdrop sir ~XD

As always, in my opinion, the people who are getting this attacked most of the time it's from people are chasing airdrop and minted some free stuff on "Solana" since their network is being used because of its popularity in the past 6-12 month.
Claiming airdrop or not I think better you move assets to hard ware wallet or to exchange because have many people become victim with Solana network exploit, few hour ago my friend told us he loss SOL fund saving on sol wallet and looks not safe keep hold and save your assets on Phantom or Sollet io. Before late and loss all your fund better save it on exchange wallet until the issues about Solana wallet exploit fix by developer.



████▄██████████▄
███▄████████████
▄███▀
████
████
████
▀███▄
███▀████████████
████▀██████████▀


▄██████████▄
████████████
███████████▀███▄
████████████████
████████████████
████████████████
▀███▄███████████
████████████████
████▀██████████▀


▄██▄█████████▄██▄
▀████▄█████▄████▀
▀████▄▄████▀
███████████
▄███▀█████▀███▄
█████████████████
█████████████████
█████████████████
▀███████████████▀


▄███████████████▄
█████████████████
████▀███▀██████▀
███████▄█████▀
████▄▄██████████▄
▀▀██████▀███████
▄██████▄███▄████
█████▀██████████
▀██▀███▀████████▀


████▄███████████
████████████████
▄███▀███████████
███████████████
██████████████
████████████████
███████████▄███▀
████████████
▀██████████▀
████████
██
██
██
██
██
██
██
██




██
██
██
██
██

██
██
██
████████
|
.
Listed
on
BINANCE
KUCOIN
Gate.io
|
libert19
Hero Member
*****
Offline Offline

Activity: 2674
Merit: 972


View Profile WWW
August 03, 2022, 05:31:20 AM
 #5

Not affected, cause I don't use my address for claiming airdrop sir ~XD

As always, in my opinion, the people who are getting this attacked most of the time it's from people are chasing airdrop and minted some free stuff on "Solana" since their network is being used because of its popularity in the past 6-12 month.

I don't think attackers would have gained millions from airdrop hunters.
TastyChillySauce00
Legendary
*
Offline Offline

Activity: 3164
Merit: 1038


Leading Crypto Sports Betting & Casino Platform


View Profile
August 03, 2022, 05:53:55 AM
 #6

I never used solana as i know how garbage this blockchain is after so many outages that happened before. Just see how stupid people who keep believing in this shit. The attack is still happening now and more than 7 millions USD already drained from so many personal wallet that owned by users.
Just wanna see how those people who got affected will be compensated. I never agreed to use the garbage blockchain and its ecosystem. How people are so dumb keep buying this shit in the market.
Ethereum killer? This blockchain may die soon. RIP solana.

..Stake.com..   ▄████████████████████████████████████▄
   ██ ▄▄▄▄▄▄▄▄▄▄            ▄▄▄▄▄▄▄▄▄▄ ██  ▄████▄
   ██ ▀▀▀▀▀▀▀▀▀▀ ██████████ ▀▀▀▀▀▀▀▀▀▀ ██  ██████
   ██ ██████████ ██      ██ ██████████ ██   ▀██▀
   ██ ██      ██ ██████  ██ ██      ██ ██    ██
   ██ ██████  ██ █████  ███ ██████  ██ ████▄ ██
   ██ █████  ███ ████  ████ █████  ███ ████████
   ██ ████  ████ ██████████ ████  ████ ████▀
   ██ ██████████ ▄▄▄▄▄▄▄▄▄▄ ██████████ ██
   ██            ▀▀▀▀▀▀▀▀▀▀            ██ 
   ▀█████████▀ ▄████████████▄ ▀█████████▀
  ▄▄▄▄▄▄▄▄▄▄▄▄███  ██  ██  ███▄▄▄▄▄▄▄▄▄▄▄▄
 ██████████████████████████████████████████
▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄
█  ▄▀▄             █▀▀█▀▄▄
█  █▀█             █  ▐  ▐▌
█       ▄██▄       █  ▌  █
█     ▄██████▄     █  ▌ ▐▌
█    ██████████    █ ▐  █
█   ▐██████████▌   █ ▐ ▐▌
█    ▀▀██████▀▀    █ ▌ █
█     ▄▄▄██▄▄▄     █ ▌▐▌
█                  █▐ █
█                  █▐▐▌
█                  █▐█
▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀█
▄▄█████████▄▄
▄██▀▀▀▀█████▀▀▀▀██▄
▄█▀       ▐█▌       ▀█▄
██         ▐█▌         ██
████▄     ▄█████▄     ▄████
████████▄███████████▄████████
███▀    █████████████    ▀███
██       ███████████       ██
▀█▄       █████████       ▄█▀
▀█▄    ▄██▀▀▀▀▀▀▀██▄  ▄▄▄█▀
▀███████         ███████▀
▀█████▄       ▄█████▀
▀▀▀███▄▄▄███▀▀▀
..PLAY NOW..
vv181 (OP)
Legendary
*
Offline Offline

Activity: 1932
Merit: 1273


View Profile
August 03, 2022, 07:13:30 AM
 #7

As always, in my opinion, the people who are getting this attacked most of the time it's from people are chasing airdrop and minted some free stuff on "Solana" since their network is being used because of its popularity in the past 6-12 month.
Yea, accumulating airdrop or free stuff does increase the chance of some users interacting with shady apps. For this specific issue the root causes are still uncertain, so it might be more than that.

hopefully they can migrate to hardware wallet ASAP.
According to Solana Foundation, it is indeed suggested since currently there are no hardware wallet users affected.



Some latest update from @SolanaStatus, the Twitter account is run by Solana Foundation.

https://nitter.net/SolanaStatus/status/1554658171934937090
[1]
Engineers from multiple ecosystems, with the help of several security firms, are investigating drained wallets on Solana. There is no evidence hardware wallets are impacted.

This thread will be updated as new information becomes available.

[2]
An exploit allowed a malicious actor to drain funds from a number of wallets on Solana. As of 5am UTC approximately 7,767 wallets have been affected.

The exploit has affected several wallets, including Slope and Phantom. This appears to have affected both mobile and extension.

[3]
Engineers are currently working with multiple security researchers and ecosystem teams to identify the root cause of the exploit, which is unknown at this time.

[4]
There’s no evidence hardware wallets have been impacted – and users are strongly encouraged to use hardware wallets.

Do not reuse your seed phrase on a hardware wallet - create a new seed phrase.

Wallets drained should be treated as compromised, and abandoned.

[5]
If your wallet was one of the 7,767 impacted please complete this survey – engineers are investigating the root cause
https://solanafoundation.typeform.com/to/Rxm8STIT?typeform-source=admin.typeform.com

And here is some shitshow Cheesy
EDIT 3: Many RPC servers have gone offline due to white-hat hackers purposefully DDOSing them to slow down the hacker. Currently, it seems like the main Solana RPC server run by Triton as well as QuickNode and Ankr have gone offline. PLEASE DO NOT DDOS RPC SERVERS! IT ONLY MAKES IT HARDER FOR SOLANA AND DEVS TO DIAGNOSE THE ISSUE.
Bttzed03
Legendary
*
Offline Offline

Activity: 2114
Merit: 1150


https://bitcoincleanup.com/


View Profile
August 03, 2022, 08:03:39 AM
 #8

I neither use the network nor follow updates on Solana but every time I see posts about them, it's almost always about hacking indcidents. How many attacks has it been since it was launched? RIP to the affected wallets. Hopefully, none of them commit something horrible/tragic for losing their funds.

EDIT 5: ETH maxis, let's not forget your $190m Nomad hack yesterday Smiley
It looks like they have a lot of time in their hands to engage in some network trash talks.

~
I don't think attackers would have gained millions from airdrop hunters.
I wouldn't underestimate the value of tokens/coins held by airdrop hunters because some of them use their main wallet for these purposes or just don't have other accounts.
vv181 (OP)
Legendary
*
Offline Offline

Activity: 1932
Merit: 1273


View Profile
August 04, 2022, 04:40:07 AM
 #9

EDIT 5: ETH maxis, let's not forget your $190m Nomad hack yesterday Smiley
It looks like they have a lot of time in their hands to engage in some network trash talks.
Darn it, I forgot to include that parts  Grin



Seems the investigation is still ongoing but looks like the community might have found the main culprit, which is the Slope wallet. And one point to note, this vulnerability isn't related to Solana protocol or Daaps.

New updates:

https://nitter.net/SolanaStatus/status/1554921396408647680
After an investigation by developers, ecosystem teams, and security auditors, it appears affected addresses were at one point created, imported, or used in Slope mobile wallet applications. 1/2

This exploit was isolated to one wallet on Solana, and hardware wallets used by Slope remain secure.

While the details of exactly how this occurred are still under investigation, but private key information was inadvertently transmitted to an application monitoring service.  2/3

There is no evidence the Solana protocol or its cryptography was compromised. 3/3

Official statement from Slope Finance:

Dear Slope Community,

Here is what we know at this juncture regarding the breaches to our user base:

    A cohort of Slope wallets were compromised in the breach
    We have some hypotheses as to the nature of the breach, but nothing is yet firm
    We feel the community’s pain, and we were not immune. Many of our own staff and founders’ wallets were drained

Actions we are taking:

    We are actively conducting internal investigations and audits, working with top external security and audit groups
    We are working with developers, security experts, and protocols from throughout the ecosystem to work to identify and rectify

While we have not fully confirmed the nature of the breach, in the spirit of safeguarding our user base, we recommend ALL Slope users do the following:

Create a new and unique seed phrase wallet, and transfer all assets to this new wallet. Again, we do not recommend using the same seed phrase on this new wallet that you had on Slope.

If you are using a hardware wallet, your keys have not been compromised.

We are still actively diagnosing, and are committed to publishing a full post mortem, earning back your trust, and making this as right as we can.

Thank you,
Slope Team
el kaka22
Legendary
*
Offline Offline

Activity: 3696
Merit: 1170


www.Crypto.Games: Multiple coins, multiple games


View Profile
August 04, 2022, 07:00:33 AM
 #10

It was 100% already known that SOL has a lot of technical issues and yet people still do invest into it. In fact, so much so that people are not selling their SOL too much right now neither, if this gets big then maybe there will be a bit of a problem but we have not seen it get big at all.

This means that even though they keep freezing the chain, even though they proved everyone they are centralized, even though there are some hackings going on, people are yet to see this project as a failed one. I have no idea why, I sold mine a long time ago and will never look back and anytime I hear about it, it is a bad one. But, people still do prefer it for some reason.

█████████████████████████
███████▄▄▀▀███▀▀▄▄███████
████████▄███▄████████
█████▄▄█▀▀███▀▀█▄▄█████
████▀▀██▀██████▀██▀▀████
████▄█████████████▄████
███████▀███████▀███████
████▀█████████████▀████
████▄▄██▄████▄██▄▄████
█████▀▀███▀▄████▀▀█████
████████▀███▀████████
███████▀▀▄▄███▄▄▀▀███████
█████████████████████████
.
 CRYPTOGAMES 
.
 Catch the winning spirit! 
█▄░▀███▌░▄
███▄░▀█░▐██▄
▀▀▀▀▀░░░▀▀▀▀▀
████▌░▐█████▀
████░░█████
███▌░▐███▀
███░░███
██▌░▐█▀
PROGRESSIVE
      JACKPOT      
██░░▄▄
▀▀░░████▄
▄▄▄▄██▀░░▄▄
░░░▀▀█░░▀██▄
███▄░░▀▄░█▀▀
█████░░█░░▄▄█
█████░░██████
█████░░█░░▀▀█
LOW HOUSE
         EDGE         
██▄
███░░░░░░░▄▄
█▀░░░░░░░████
█▄░░░░░░░░█▀
██▄░░░░░░▄█
███▄▄░░▄██▌
██████████
█████████▌
PREMIUM VIP
 MEMBERSHIP 
DICE   ROULETTE   BLACKJACK   KENO   MINESWEEPER   VIDEO POKER   PLINKO   SLOT   LOTTERY
cryptoaddictchie
Legendary
*
Offline Offline

Activity: 2254
Merit: 1376


Fully Regulated Crypto Casino


View Profile
August 04, 2022, 07:48:32 AM
 #11

It was 100% already known that SOL has a lot of technical issues and yet people still do invest into it. In fact, so much so that people are not selling their SOL too much right now neither, if this gets big then maybe there will be a bit of a problem but we have not seen it get big at all.
Theres a lot of whale that hodl sol and even Sam has a lot of it thats why we cant see a major dump on it. Though some retailers already sold their bags, its not enough to put it down and to realize that theres too much error or mistakes on the network. Since big players wont let it dump, I think they will find a way to make it all fixed. I hate solana and Im a true blood Avalanche but the backers of this project is huge.

▄▄███████████████████▄▄
▄███████████████████████▄
████████▀░░░░░░░▀████████
███████░░░░░░░░░░░███████
███████░░░░░░░░░░░███████
██████▀░░░░░░░░░░░▀██████
██████▄░░░░░▄███▄░▄██████
██████████▀▀█████████████
████▀▄██▀░░░░▀▀▀░▀██▄▀███
███░░▀░░░░░░░░░░░░░▀░░███
████▄▄░░░░▄███▄░░░░▄▄████
▀███████████████████████▀
▀▀███████████████████▀▀
 
 CHIPS.GG 
▄▄███████▄▄
▄████▀▀▀▀▀▀▀████▄
███▀░▄░▀▀▀▀▀░▄░▀███
▄███
░▄▀░░░░░░░░░▀▄░███▄
▄███░▄░░░▄█████▄░░░▄░███▄
███░▄▀░░░███████░░░▀▄░███
███░█░░░▀▀▀▀▀░░░▀░░░█░███
███░▀▄░▄▀░▄██▄▄░▀▄░▄▀░██
▀███
░▀░▀▄██▀░▀██▄▀░▀░██▀
▀███
░▀▄░░░░░░░░░▄▀░██▀
▀███▄
░▀░▄▄▄▄▄░▀░▄███▀
▀█
███▄▄▄▄▄▄▄████▀
█████████████████████████
▄▄███████▄▄
███
████████████▄
▄█▀▀▀▄
█████████▄▀▀▀█▄
▄██████▀▄▄▄▄▄▀██████▄
▄█████████████▄████████▄
████████▄███████▄████████
█████▄█████████▄██████
██▄▄▀▀▀▀█████▀▀▀▀▄▄██
▀█████████▀▀███████████▀
▀███████████████████▀
██████████████████
▀████▄███▄▄
████▀
████████████████████████
3000+
UNIQUE
GAMES
|
12+
CURRENCIES
ACCEPTED
|
VIP
REWARD
PROGRAM
 
 
  Play Now  
tazmantasik
Hero Member
*****
Offline Offline

Activity: 1113
Merit: 507


Don't Get Involved


View Profile
August 04, 2022, 07:50:32 AM
 #12

Who still hold assets on Solana network and keep safety until now? every days I check with my friend talk me about loss their solona coin and have some of them with NFT network Solana. Exploit happening with Solana network give bad reputation for cryptocurrency because hold assets is not safe again, many time we hear about hacking and stolen assets not only on exchange market but also right now we got stolen on wallet network directly. What the next network not safety again for the future and we don't save assets there.



████▄██████████▄
███▄████████████
▄███▀
████
████
████
▀███▄
███▀████████████
████▀██████████▀


▄██████████▄
████████████
███████████▀███▄
████████████████
████████████████
████████████████
▀███▄███████████
████████████████
████▀██████████▀


▄██▄█████████▄██▄
▀████▄█████▄████▀
▀████▄▄████▀
███████████
▄███▀█████▀███▄
█████████████████
█████████████████
█████████████████
▀███████████████▀


▄███████████████▄
█████████████████
████▀███▀██████▀
███████▄█████▀
████▄▄██████████▄
▀▀██████▀███████
▄██████▄███▄████
█████▀██████████
▀██▀███▀████████▀


████▄███████████
████████████████
▄███▀███████████
███████████████
██████████████
████████████████
███████████▄███▀
████████████
▀██████████▀
████████
██
██
██
██
██
██
██
██




██
██
██
██
██

██
██
██
████████
|
.
Listed
on
BINANCE
KUCOIN
Gate.io
|
WeedGoW
Full Member
***
Offline Offline

Activity: 274
Merit: 101


View Profile
August 04, 2022, 04:10:39 PM
 #13

This seems like almost intentional exploits built in the paper network of Sol that can break down anytime if the 'hackers' want as they claim. How come a network with so many devs can't even verify and audit any code from 3rd party apps but still welcome them with open arm? LOL, still wonder why anyone still stays with Sol in nearly endless of crashes and outrages.
vv181 (OP)
Legendary
*
Offline Offline

Activity: 1932
Merit: 1273


View Profile
August 05, 2022, 12:26:25 AM
 #14

OP updated to reflect what's news.

Even though the communities are still finding out the actual issue/root causes of the vulnerabilities, major points that could be taken are:

- The issue is not related to the Solana protocol
- The issue is not related to web3 ecosystem supply chain attack
- The culprit of the issue is Slope Wallet
FirmWars
Member
**
Offline Offline

Activity: 242
Merit: 86


View Profile
August 05, 2022, 08:03:36 AM
 #15

This hack is not big enough to make solana crash a lot and also it seems that freebies are the ones affceted, I meant those that love to claim free tokens and stuff, I am not a fan of solana and I don't think I will ever be.

██████████████ ███████ █│     S y n t r u m     │     JOIN NOW     │█ ███████ ██████████████
►   Blockchain Infrastructure for DeFi, Gaming and NFT   ◄
██████████████       |       Twitter       |     Telegram     |      Medium      |       ██████████████
Bttzed03
Legendary
*
Offline Offline

Activity: 2114
Merit: 1150


https://bitcoincleanup.com/


View Profile
August 05, 2022, 11:12:39 AM
 #16

Found this in another thread:

4/ The Slope Wallet for iOS and Android uses Sentry for event logging.

Any interaction in the app would trigger an event log.

Unfortunately, Slope didn't configure Sentry to scrub sensitive info. Thus, mnemonics were leaked to Sentry

s/o to
@sniko_
 for this screenshot:

btc_angela
Hero Member
*****
Offline Offline

Activity: 2730
Merit: 551


Vave.com - Crypto Casino


View Profile
August 05, 2022, 11:43:04 AM
 #17

^^ Wow, so the mnemonic phrase is there in plain text and that anyone who has knowledge has used it and hack the wallet. And how stupid it is for the people behind to design it like that?

@FirmWars - regardless though, it is still an exploit that could have been prevented if they are just very careful about the codes. And in the bear market, we don't need to hear when people losing money or reputation of a project has been tainted. Although it is not related to their protocol and it was in the Slope Wallet.

5W-KILO
Member
**
Offline Offline

Activity: 234
Merit: 35

Moon.win


View Profile
August 05, 2022, 12:09:00 PM
 #18

The fault is on slope wallet devs, they should take responsibility for this losses because its simply their fault, also this will serve as a warning to people looking for new wallets to keep their tokens and coins.

zasad@
Legendary
*
Offline Offline

Activity: 1932
Merit: 4623



View Profile WWW
August 05, 2022, 12:31:19 PM
 #19

The fault is on slope wallet devs, they should take responsibility for this losses because its simply their fault, also this will serve as a warning to people looking for new wallets to keep their tokens and coins.
The fault of the developers can only be when there is a proven intentional possibility of using this vulnerability.
I do not use this ecosystem, but I am interested in the possibilities of blocking USDT and USDS tokens on these wallets, because this is the main asset.

▄▄███████████████████▄▄
▄█████████▀█████████████▄
███████████▄▐▀▄██████████
███████▀▀███████▀▀███████
██████▀███▄▄████████████
█████████▐█████████▐█████
█████████▐█████████▐█████
██████████▀███▀███▄██████
████████████████▄▄███████
███████████▄▄▄███████████
█████████████████████████
▀█████▄▄████████████████▀
▀▀███████████████████▀▀
Peach
BTC bitcoin
Buy and Sell
Bitcoin P2P
.
.
▄▄███████▄▄
▄████████
██████▄
▄██
█████████████████▄
▄███████
██████████████▄
███████████████████████
█████████████████████████
████████████████████████
█████████████████████████
▀███████████████████████▀
▀█████████████████████▀
▀██████████████████▀
▀███████████████▀
▀▀███████▀▀

▀▀▀▀███▀▀▀▀
EUROPE | AFRICA
LATIN AMERICA
▄▀▀▀











▀▄▄▄


███████▄█
███████▀
██▄▄▄▄▄░▄▄▄▄▄
████████████▀
▐███████████▌
▐███████████▌
████████████▄
██████████████
███▀███▀▀███▀
.
Download on the
App Store
▀▀▀▄











▄▄▄▀
▄▀▀▀











▀▄▄▄


▄██▄
██████▄
█████████▄
████████████▄
███████████████
████████████▀
█████████▀
██████▀
▀██▀
.
GET IT ON
Google Play
▀▀▀▄











▄▄▄▀
Balmain
Hero Member
*****
Offline Offline

Activity: 2156
Merit: 685


View Profile
August 05, 2022, 01:09:04 PM
 #20

I did not experience this abuse because I had always been distant to their left wallet. If I hold it, I will keep my left tokens in the exchanges, from now on, it has been an abuse that has really victimized many people, I think the problem here needs to be resolved. I usually see hackers as people interacting with 3rd party software, that is, people chasing free nft and free airdrops, they are being abused. Who should take responsibility here?
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!