Experts find private keys on Slope servers, still puzzled over access

A blockchain audit firm is trying to figure out how hackers got access to about 8,000 private keys used to compromise Solana-based wallets.

An investigation is underway after the attackers managed to steal approximately $5 million worth of SOL and SPL tokens on August 3rd.

Solana has worked closely with Phantom and Slope.Finance, two SOL wallet providers whose user accounts were affected by the exploit. It was later revealed that some of the compromised private keys were directly tied to Slope.

Blockchain audit and security firms Otter Security and SlowMist supported the ongoing investigation and revealed their findings in direct communication with Cointelegraph.

Otter Security founder Robert Chen joined forces with Solana and Slope to share insights from direct access to affected resources. Chen confirmed that a subset of the affected wallets had private keys that existed in plaintext on Slope's Sentry log server.

“The working theory is that the attacker somehow stole these logs and used them to compromise our users. This is still an ongoing investigation, and the current evidence does not describe all compromised accounts.”

Chen told Cointelegraph that about 5,300 private keys were found on the Sentry instances that were not part of the exploit. The users of those wallets have been prompted to transfer their funds.

The SlowMist team reached similar conclusions after being invited by Slope to analyze the exploit. The team also noted that Slope Wallet’s Sentry service collected the user’s mnemonic phrase and private key and sent them to o7e.slope.finance. Again, SlowMist was unable to find any evidence to explain how the credentials were stolen.
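The failure mode described above is error telemetry that captures wallet state wholesale, so seed phrases and key bytes end up in a log backend with a much weaker protection model than the wallet itself. The defensive control is a scrubbing hook that runs before any event leaves the client. The following is an added example, not Slope's, Otter Security's, SlowMist's or Sentry's code: a pure-Python redaction routine in the shape of the Sentry SDK's `before_send(event, hint)` callback, applied to a constructed event. It redacts fields by name (`mnemonic`, `seed_phrase`, `privateKey`, and so on) and also by shape (12- or 24-word lowercase phrases, 64-byte arrays as JavaScript would stringify them, and base58 blobs the size of a 64-byte Solana secret key), because the key name is not always the giveaway. The field names, the sample event and the 5,300/8,000-style scale of the real incident are not reproduced here; the sample values are constructed.

```python
import re
from typing import Any

REDACTED = "[REDACTED]"

# Field names whose values must never reach a telemetry backend (compared after
# lower-casing and stripping punctuation, so privateKey, private_key, private-key all match).
SENSITIVE_KEYS = {"mnemonic", "seed", "seedphrase", "passphrase", "privatekey", "secretkey", "keypair"}

# Shape-based heuristics for secret material hiding in innocuous fields or free text:
#  - a run of 12 lowercase words of 3-8 letters (BIP39 words); a 24-word phrase is caught as two runs
#  - a JSON-style array of exactly 64 byte values, as JSON.stringify(keypair.secretKey) would emit
#  - a base58 string of 86-90 characters, the encoded size of a 64-byte secret key
MNEMONIC_RE = re.compile(r"\b(?:[a-z]{3,8} ){11}[a-z]{3,8}\b")
BYTE_ARRAY_RE = re.compile(r"\[\s*(?:\d{1,3}\s*,\s*){63}\d{1,3}\s*\]")
BASE58_KEY_RE = re.compile(r"\b[1-9A-HJ-NP-Za-km-z]{86,90}\b")


def _normalize_key(key: Any) -> str:
    return re.sub(r"[^a-z]", "", str(key).lower())


def _scrub_text(text: str) -> str:
    """Redact secret-shaped substrings while keeping the surrounding message readable."""
    text = BYTE_ARRAY_RE.sub(REDACTED, text)
    text = BASE58_KEY_RE.sub(REDACTED, text)
    return MNEMONIC_RE.sub(REDACTED, text)


def scrub(obj: Any) -> Any:
    """Return a scrubbed deep copy of an event: sensitive keys by name, secret-shaped values by pattern."""
    if isinstance(obj, dict):
        return {
            k: REDACTED if _normalize_key(k) in SENSITIVE_KEYS else scrub(v)
            for k, v in obj.items()
        }
    if isinstance(obj, list):
        # A raw 64-entry byte list is a secret key, not a list worth keeping.
        if len(obj) == 64 and all(isinstance(b, int) and not isinstance(b, bool) and 0 <= b < 256 for b in obj):
            return REDACTED
        return [scrub(v) for v in obj]
    if isinstance(obj, str):
        return _scrub_text(obj)
    return obj


def before_send(event: dict, hint: Any) -> dict:
    """Hook in the shape the Sentry SDK calls before transmitting an event (hint is unused here)."""
    return scrub(event)


# Constructed sample event: the kind of payload a wallet's crash reporter might assemble.
SAMPLE_EVENT = {
    "message": "Account import failed",
    "user": {"id": "u-1234"},
    "extra": {
        "wallet_name": "main",
        "mnemonic": "abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon about",
        "debug": "secretKey=[" + ",".join(["7"] * 64) + "]",
        "note": "export returned " + "3" * 88,
    },
    "breadcrumbs": {
        "values": [
            {"message": "Restoring wallet from phrase: zoo zoo zoo zoo zoo zoo zoo zoo zoo zoo zoo wrong"},
        ]
    },
}


def scrubbed_sample() -> dict:
    return before_send(SAMPLE_EVENT, None)


if __name__ == "__main__":
    import json
    print(json.dumps(scrubbed_sample(), indent=2))
```

Registering this as the SDK's `before_send` is defence in depth, not the fix: the wallet should never place key material in breadcrumbs, `extra` or exception messages in the first place, and the heuristics will occasionally redact an ordinary lowercase sentence, which is the right direction to err in for a wallet.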

Cointelegraph also reached out to Chainalysis, which confirmed that it is conducting blockchain analysis of the incident after sharing its initial findings. The blockchain analysis firm also noted that the exploit primarily affected users who imported accounts to or from Slope.Finance.

While the incident cleared Solana itself of bearing the brunt of the blame for the exploit, the situation highlighted the need for auditing services for wallet providers. SlowMist recommended an audit of the wallet by multiple security firms before release and called for open source development to enhance security.

Chen said some wallet providers were “flying under the radar” when it comes to security compared to decentralized applications. He hopes the incident will shift user sentiment towards wallets and their relationship to external security and validation from their partners.