Blockchain auditing firms are investigating how attackers obtained roughly 8,000 private keys that were then used to drain Solana-based wallets.
The investigation follows the theft of about $5 million in SOL and SPL tokens on August 3. Ecosystem participants and security firms are helping to piece together how the incident unfolded.
Solana worked closely with Phantom and Slope.Finance, the two SOL wallet providers whose users' accounts were compromised in the attack. It has since emerged that some of the compromised private keys were directly linked to Slope.
Working alongside Solana and Slope, Otter Security founder Robert Chen shared findings based on first-hand access to the affected systems. Chen confirmed that a subset of the compromised wallets had private keys that were stored in plaintext on Slope's Sentry monitoring servers:
“The working idea is that an attacker obtained these logs and used them to compromise the users. The inquiry is still underway, and existing information does not explain all of the hacked accounts.”
Chen added that the Sentry instance held 5,300 private keys that were not part of the exploit. Nearly half of these addresses still hold tokens, and their owners are urged to move their funds if they have not already done so.
The SlowMist team, which Slope asked to investigate the incident, reached a similar conclusion. The researchers also found that Slope Wallet's Sentry service collected the user's mnemonic phrase and private key and sent them to o7e.slope.finance. SlowMist could not find any evidence of how the credentials were subsequently obtained by the attacker.
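The failure described above, an error-monitoring SDK shipping a user's mnemonic and private key to a logging server, is exactly what a client-side scrubbing hook is meant to prevent. What follows is an added example and not Slope's or Sentry's own code: a redaction filter of the shape that Sentry's JavaScript SDK accepts as its `beforeSend` and `beforeBreadcrumb` options, run here over a constructed event. The detection rules (a run of 12 or 24 lowercase words of 3 to 8 letters treated as a seed phrase, an 86 to 88 character base58 string treated as a 64-byte Solana secret key) and the list of field names it blanks out are assumptions of this example, chosen to over-redact rather than leak.

```javascript
// Added example, not Slope's or Sentry's code. A secret-scrubbing filter of the
// shape Sentry's JS SDK accepts for `beforeSend` / `beforeBreadcrumb`, so key
// material is redacted before an event leaves the device.
// Heuristics assumed for this example:
//   - 12 or 24 lowercase words of 3 to 8 letters => seed phrase (BIP-39 lengths)
//   - 86 to 88 base58 characters => base58-encoded 64-byte Solana secret key
// Over-redacting ordinary lowercase prose is accepted as the safer failure mode.
const REDACTED = '[REDACTED]';
const BASE58_SECRET_RE = /\b[1-9A-HJ-NP-Za-km-z]{86,88}\b/g;
const MNEMONIC_RE = /\b(?:[a-z]{3,8}\s+){11}[a-z]{3,8}(?:(?:\s+[a-z]{3,8}){12})?\b/g;

// Field names blanked out regardless of value (compared lowercase, without _ or -).
// This list is an assumption of the example; extend it to match your wallet model.
const SECRET_FIELD_NAMES = new Set(['mnemonic', 'seed', 'seedphrase', 'privatekey', 'secretkey', 'keypair']);

function redactString(s) {
  return s.replace(BASE58_SECRET_RE, REDACTED).replace(MNEMONIC_RE, REDACTED);
}

function normaliseKey(k) {
  return k.toLowerCase().replace(/[_-]/g, '');
}

// Walks any JSON-like value and returns a scrubbed copy; the input is not mutated.
function scrub(value, seen = new WeakSet()) {
  if (typeof value === 'string') return redactString(value);
  if (value === null || typeof value !== 'object') return value; // numbers, booleans, undefined
  if (seen.has(value)) return REDACTED; // cycle guard: drop rather than recurse forever
  seen.add(value);
  if (Array.isArray(value)) return value.map((v) => scrub(v, seen));
  const out = {};
  for (const [k, v] of Object.entries(value)) {
    out[k] = SECRET_FIELD_NAMES.has(normaliseKey(k)) ? REDACTED : scrub(v, seen);
  }
  return out;
}

// Sentry invokes these as (event, hint) and (breadcrumb, hint); returning the
// object sends it, returning null drops it. Wire up with
// Sentry.init({ dsn, beforeSend, beforeBreadcrumb }).
function beforeSend(event) {
  return scrub(event);
}
function beforeBreadcrumb(breadcrumb) {
  return scrub(breadcrumb);
}

// Returns true if any string inside the object still looks like a secret.
// Fresh, non-global copies of the regexes avoid lastIndex state between calls.
function leaksSecret(obj) {
  const json = JSON.stringify(obj);
  return new RegExp(BASE58_SECRET_RE.source).test(json) || new RegExp(MNEMONIC_RE.source).test(json);
}

// Constructed sample input (not a real key or phrase): the shape an SDK would
// capture if a wallet object and a storage breadcrumb carried key material.
const SAMPLE_MNEMONIC = 'abandon ability able about above absent absorb abstract absurd abuse access accident';
const SAMPLE_SECRET = '5Kq'.repeat(29); // 87 base58 characters, the length of a base58 64-byte keypair
const sampleEvent = {
  message: 'sign failed for keypair ' + SAMPLE_SECRET,
  extra: { wallet: { publicKey: 'ExamplePubkey', mnemonic: SAMPLE_MNEMONIC } },
  breadcrumbs: [{ category: 'storage', message: 'loaded seed: ' + SAMPLE_MNEMONIC }],
};

console.log(JSON.stringify(beforeSend(sampleEvent), null, 2));
```

Scrubbing in the hook is a second line of defense only: the primary fix is to keep keypairs and seed phrases out of any object (wallet state, caught exceptions, breadcrumbs) that can reach a telemetry SDK in the first place, and to confirm with a test like `leaksSecret` that nothing secret-shaped survives in the outgoing payload.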
Chainalysis, after posting preliminary findings online, confirmed that it was conducting blockchain analysis of the incident. The firm added that the hack mostly affected users who had migrated accounts to or from Slope.Finance.
While these findings absolve Solana itself of the brunt of the blame, the incident has underlined the need to vet wallet providers' services. SlowMist recommended that wallets be audited by multiple security firms before release and advocated open-source development to improve security.
Chen says that, compared with decentralized apps, some wallet providers have "flown under the radar" when it comes to security. He hopes the incident will change how users view the relationship between wallets and validation by external security partners.