
Slope denied a link between the wallet bug and the Solana hack
Auditors have not found “convincing evidence” linking the vulnerability in the Slope wallet to the hacking of Solana addresses worth millions of dollars, the developers of the application said.
On August 3, unknown persons gained access to more than 8000 wallets based on the network. Preliminary estimates of user damage reached up to $8 million.
During the investigation of the incident, the Solana team concluded that the addresses affected by the attack were “at some point created, imported or used in Slope mobile applications.”
Representatives of the Phantom project, whose users were among the victims of the hack, also reported a link between the exploit and Slope.
The wallet team, together with auditors OtterSec and SlowMist, as well as the anti-cybercrime firm TRM, has launched its own investigation.
“The inspectors have gained access to all databases and data channels, server logs and application source code,” the statement said.
Although the auditors' work is not yet complete, the team shared with the community what it considers the most important conclusions:
From July 28 to August 3, a vulnerability was discovered in the Slope mobile wallets' implementation of Sentry, the service that notifies developers about application errors. The bug inadvertently logged confidential data when generating notifications;
there is no evidence that all levels of security have been compromised (for example, transmission or storage of information). Communication with the Sentry server is protected by end-to-end HTTPS encryption, and access is controlled by three-factor authentication;
the number of hacked addresses (a total of 9232) exceeds the number transmitted over the channel with Sentry. Of the latter, 1444 were deleted from the server.
“Although the auditors have no convincing evidence linking the Slope vulnerability to the exploit, its very existence has jeopardized many assets. This is far from the security standard that we strive to establish and maintain,” the developers said.
According to them, no additional bugs were found during the investigation, so the latest version of the wallet is safe.
The Slope team assured that it will continue to track the hacker to return the stolen assets.
Recall that in early August, smart contract auditors from Hacxyk discovered a vulnerability in NEAR Wallet similar to the one identified by Slope.