After the recent $8m Solana wallet hack, the third-party wallet Slope issued an apology for “not being communicative during these challenging times.” It admitted that, from July 28th to August 3rd, a vulnerability in the Sentry Service implementation on Slope Wallets on mobile inadvertently logged sensitive data in cases where the apps generated an error event.
However, Slope explicitly stated that “there is no evidence that all security layers (e.g., transmission and storage) were compromised.”
“All the transmission to the Sentry server is protected through HTTPS end-to-end encryption, and access to the Sentry server is controlled through three-factor authentication,” Slope assured.
To avoid fueling further speculation, Slope said that “starting from day one, the team has been focused on investigating the root cause of the wallet hack incident and the recovery of assets. We have been working tirelessly over the last week with the auditors OtterSec and SlowMist, and the cybercrime firm TRM.”
Slope Says Its Latest Patch Version Is Safe to Use
Slope confirmed that it is working with auditors OtterSec and SlowMist, and the cybercrime firm TRM.
Promising regular updates on the issue, Slope said, “the auditors received full access to all databases, data pipelines, server logs, and application source code.”
Slope also tweeted its statement, which said that the company’s latest patch version is safe to use. “We found no additional vulnerabilities during the investigation and intense scrutiny by multiple parties,” Slope insisted.
Reporting from its independent audits, Slope revealed that:
- The number of all hacked addresses is larger than the total number of addresses ever exposed from the Sentry server.
- A fraction (1,444 addresses) of the total exposure from the Sentry server has been confirmed drained in cross-comparison.
On the Flipside
Slope admitted that although there is no conclusive evidence from the auditors to link the Slope vulnerability to the Solana wallet exploit, its very existence put a lot of assets in danger.
“This is nowhere near the security standard that Slope set out to establish and maintain, and we are deeply regretful of these occurrences,” Slope said.
Why You Should Care
Apologizing to those affected and for their losses, Slope has vowed to hunt down the hacker and recover stolen assets.