Experts find private keys on Slope servers, but remain baffled by access

Blockchain audit firms are still trying to figure out how hackers accessed some 8,000 private keys used to empty Solana-based wallets.

Investigations continue after attackers managed to steal some $5 million worth of SOL and SPL tokens on August 3. Ecosystem participants and security companies are helping to uncover the ins and outs of the event.

Solana has worked closely with Phantom and Slope.Finance, the two SOL wallet providers that had user accounts affected by the exploits. It has since emerged that some of the compromised private keys were directly linked to Slope.

Blockchain security and auditing firms Otter Security and SlowMist assisted in the ongoing investigations, revealing their findings in direct correspondence with Cointelegraph.

Otter Security founder Robert Chen shared insights gained from first-hand access to the affected resources, obtained in collaboration with Solana and Slope. Chen confirmed that a subset of the affected wallets had private keys that were present in plain text on Slope’s Sentry registry servers:

“The working theory is that an attacker somehow exfiltrated these logs and they were able to use this to compromise users. This is still an ongoing investigation, and the current evidence does not explain all of the compromised accounts.”

Chen also told Cointelegraph that some 5,300 private keys that were not part of the exploit were found in the Sentry instance. Nearly half of these addresses still have tokens on them, and users are encouraged to move funds if they haven’t already.

The SlowMist team came to a similar conclusion after being invited to analyze the exploit by Slope. The team also observed that the Slope Wallet’s Sentry service collected the user’s mnemonic phrase and private key and sent it to Once again, SlowMist was unable to find any evidence to explain how the credentials were stolen.
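The failure described above, wallet secrets reaching a telemetry backend in plain text, is commonly guarded against by scrubbing each event on the client before it is sent. The following is an added example, not code from Slope, Sentry or the original article; the field names, the sample event and the word-run heuristic are assumptions made for illustration.

```python
import re

B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Candidate base58 runs; the decoded-length check below decides whether one is 64 bytes.
B58_RUN = re.compile(r"(?<![A-Za-z0-9])[%s]{86,88}(?![A-Za-z0-9])" % B58_ALPHABET)
# Heuristic: BIP-39 words are 3-8 lowercase letters; 12+ in a row is treated as a phrase.
WORD_RUN = re.compile(r"\b(?:[a-z]{3,8}\s+){11,}[a-z]{3,8}\b")
SENSITIVE_FIELDS = {"mnemonic", "seed", "private_key", "secret_key"}  # assumed field names
REDACTED = "[REDACTED]"


def b58_decoded_len(s):
    """Byte length a base58 string decodes to (leading '1's are zero bytes)."""
    n = 0
    for ch in s:
        n = n * 58 + B58_ALPHABET.index(ch)
    return (len(s) - len(s.lstrip("1"))) + (n.bit_length() + 7) // 8


def scrub_text(text):
    """Redact key-shaped and phrase-shaped substrings from free text."""
    text = B58_RUN.sub(
        lambda m: REDACTED if b58_decoded_len(m.group()) == 64 else m.group(), text)
    return WORD_RUN.sub(REDACTED, text)


def scrub_event(node, field=""):
    """Walk an event payload; blank sensitive fields, scrub all other strings."""
    if field.lower() in SENSITIVE_FIELDS:
        return REDACTED
    if isinstance(node, dict):
        return {k: scrub_event(v, str(k)) for k, v in node.items()}
    if isinstance(node, (list, tuple)):
        return [scrub_event(v) for v in node]
    return scrub_text(node) if isinstance(node, str) else node


# Constructed sample event (not data from the incident): a placeholder 64-byte
# key string and the public BIP-39 test phrase.
SAMPLE_EVENT = {
    "message": "import failed for key " + "4" * 87,
    "extra": {"mnemonic": "x", "note": "phrase was " + "abandon " * 11 + "about"},
    "breadcrumbs": [{"data": {"url": "https://example.invalid/api"}}],
}

if __name__ == "__main__":
    print(scrub_event(SAMPLE_EVENT))
```

A function like this can be called from a telemetry SDK's pre-send hook (Sentry's Python SDK accepts a `before_send` callback). Solana transaction signatures are also 64 bytes in base58, so the pattern redacts them too; over-redaction is the intended failure direction.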

Cointelegraph also contacted Chainalysis, which confirmed that it was conducting blockchain analysis on the incident after sharing initial results online. The blockchain analytics firm also noted that the exploit primarily affected users who had imported accounts to or from Slope.Finance.

Although the incident absolves Solana from bearing the brunt of the exploit, the situation has highlighted the need to audit the services of wallet providers. SlowMist recommended that wallets be audited by multiple security companies before release and called for open source development to increase security.

Chen said that some wallet providers had “gone under the radar” when it came to security, compared to decentralized apps. He hopes the incident will change users’ minds about the relationship between wallets and validation from third-party security partners.
