Experts Discover Private Keys on Slope Servers, still Puzzled about Access



Blockchain analysis firms involved in the investigation of the Solana exploit unpack the latest developments as they try to figure out how private keys were stolen.



Blockchain auditing firms are still trying to figure out how hackers gained access to about 8,000 private keys that were used to drain Solana-based wallets.



The investigation continues after thieves took $5 million worth of Solana tokens (SOL) on Wednesday. Security firms and ecosystem participants are assisting in uncovering the intricacies of the event.



Solana has worked closely with Phantom and Slope.Finance, the two Solana-based wallet companies whose users' accounts were affected by the hacks. It has since emerged that certain compromised private keys were directly linked to Slope.



Blockchain audit and security firms Otter Security and SlowMist assisted in the ongoing investigations and explained their findings in direct correspondence with Cointelegraph.



Robert Chen, founder of Otter Security, shared his insights gained from having first-hand access to affected resources, in collaboration with Solana and Slope. Chen confirmed that a small portion of affected wallets had private keys that were present on Slope's Sentry Logging servers in plaintext:



Chen also confirmed to Cointelegraph that around 5,300 private keys that were not part of the exploit were found in the Sentry instance. Nearly half of these addresses have tokens in them - and users are urged to transfer funds if they haven't already done so.



After being invited by Slope to study the exploit, the SlowMist team came to the same conclusion. The Sentry service of Slope Wallet collected the user's private key and mnemonic phrase and sent them to o7e.slope.finance. Once again, SlowMist could not find any evidence to explain how the credentials were stolen.
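The failure described above, secrets travelling inside error-reporting events, can be guarded against by scrubbing every event before it leaves the client. The sketch below is an added example, not code from Slope, Sentry or the investigating firms; it is shaped like the `before_send` callback that Sentry SDKs accept, and the regexes, key names and sample event are assumptions constructed for illustration.

```python
import re

# Heuristics assumed for this example (over-redaction is the safe failure mode):
# a run of 12-24 lowercase words of 3-8 letters looks like a mnemonic phrase,
# and an 85-90 character base58 string looks like an encoded 64-byte secret key.
MNEMONIC_RE = re.compile(r"\b(?:[a-z]{3,8}\s+){11,23}[a-z]{3,8}\b")
BASE58_KEY_RE = re.compile(r"\b[1-9A-HJ-NP-Za-km-z]{85,90}\b")
# Field names that should never reach a logging backend, whatever their value.
SENSITIVE_KEYS = re.compile(r"mnemonic|seed|private.?key|secret", re.IGNORECASE)
REDACTED = "[REDACTED]"


def scrub(value, key=""):
    """Recursively redact secrets from a JSON-like event payload."""
    if key and SENSITIVE_KEYS.search(key):
        return REDACTED
    if isinstance(value, dict):
        return {k: scrub(v, str(k)) for k, v in value.items()}
    if isinstance(value, list):
        return [scrub(v) for v in value]
    if isinstance(value, str):
        value = MNEMONIC_RE.sub(REDACTED, value)
        return BASE58_KEY_RE.sub(REDACTED, value)
    return value


def before_send(event, hint=None):
    """Callback signature used by Sentry SDKs; returns the scrubbed event."""
    return scrub(event)


# Constructed sample event: the phrase and key are made up, not real wallet data.
SAMPLE_EVENT = {
    "message": "import wallet failed",
    "tags": {"screen": "import"},
    "extra": {
        "mnemonic": "alpha bravo charlie delta echo foxtrot "
                    "golf hotel india juliet kilo lima",
        "request_body": "phrase=alpha bravo charlie delta echo foxtrot "
                        "golf hotel india juliet kilo lima&step=2",
        "breadcrumb": "signing with " + "4" * 88,
    },
}

if __name__ == "__main__":
    print(before_send(SAMPLE_EVENT))
```

Scrubbing of this kind is a backstop: the stronger control is never passing key material to logging or telemetry calls in the first place.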



Cointelegraph also contacted Chainalysis, which confirmed that it was conducting blockchain analysis of the incident and shared its initial findings online. The attack affected users who had imported accounts into or from Slope.Finance.



While the incident doesn't exempt Solana from the burden of the exploit, the situation has highlighted the need for wallet providers to use auditing services. SlowMist suggested that wallets be scrutinized by a variety of security firms prior to release and advocated for open source development to improve security.



Chen said that some wallet providers had "flown under the radar" in terms of security when compared to decentralized applications. He hopes the situation will shift users' perception of the relationship between wallets and validation from external security partners.