Blockchain auditors have suggested that the reason for a massive $4 million hack across multiple cryptocurrency wallet providers is due to a misconfiguration in a widely used event logging technology.
Solana (SOL) and USD Coin (USDC) tokens were among those stolen from Slope wallets by an unknown attacker after the wallets leaked their seed phrases in plaintext.
Seed phrases are randomly generated strings of words used to derive and recover cryptocurrency wallets. They are meant to be secret: only the wallet's owner is supposed to know them.
Blockchain auditors Zellic and OtterSec have both released the results of their respective investigations, which are still ongoing, with both focusing on the Slope wallet. They concluded that the problem stemmed from a misconfiguration in Sentry.
Sentry is an event logging platform used by many industry websites and mobile apps, including the Slope Wallet for iOS and Android. Other wallets also affected include Phantom, Solflare and TrustWallet.
Zellic said that “any in-app interaction would trigger an event log. Unfortunately, Slope has not configured Sentry to sanitize sensitive information. Thereby, [the seedphrases] were disclosed to Sentry”.
Anyone with access to Sentry can access users’ private keys, OtterSec said, allowing them to recover wallets that do not belong to them and transfer the tokens to their own personal wallet.
Zellic’s analysis revealed that Slope had only been using Sentry for a week before the breach was confirmed.
Zellic also said that data that does not need to be sent to Sentry can be scrubbed through the platform’s SDK or through server-side scrubbing.
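To illustrate the SDK-side scrubbing Zellic refers to, here is an added example (not Slope's or Sentry's code) of a `beforeSend`-style hook, the Sentry JavaScript SDK's pre-transmission callback, that redacts wallet secrets from an event before it leaves the app. The field names, the mnemonic heuristic and the sample event are constructed for illustration.

```javascript
// Added example: redact wallet secrets from an event before the SDK transmits it.
// Key names and the sample event below are constructed, not taken from Slope's app.

// Field names that should never reach a logging backend.
const SENSITIVE_KEYS = /^(seed|seed_?phrase|mnemonic|private_?key|secret_?key|passphrase)$/i;
// Heuristic for a BIP-39 style mnemonic: 12 to 24 lowercase words separated by single spaces.
const MNEMONIC_RE = /^(?:[a-z]+ ){11,23}[a-z]+$/;

// Recursively walk the event; redact by key name or by value shape.
function scrubValue(key, value) {
  if (value === null || typeof value !== "object") {
    if (SENSITIVE_KEYS.test(String(key))) return "[Filtered]";
    if (typeof value === "string" && MNEMONIC_RE.test(value.trim())) return "[Filtered]";
    return value;
  }
  if (Array.isArray(value)) return value.map((v, i) => scrubValue(i, v));
  const out = {};
  for (const [k, v] of Object.entries(value)) {
    out[k] = SENSITIVE_KEYS.test(k) ? "[Filtered]" : scrubValue(k, v);
  }
  return out; // the original event object is left untouched
}

// Same shape as Sentry's beforeSend(event, hint): return the modified event (or null to drop it).
function scrubEvent(event) {
  return scrubValue("", event);
}

// Wiring, if the Sentry SDK were loaded (kept as a comment so this file runs offline):
// Sentry.init({ dsn: "<your DSN>", beforeSend: scrubEvent });

// Constructed sample event resembling an in-app interaction log that embeds wallet material.
const SAMPLE_EVENT = {
  message: "wallet imported",
  extra: {
    mnemonic: "abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon about",
    note: "user tapped import",
    nested: { privateKey: "5Kb8kLf9...", balance: 42 },
    words: ["witch collapse practice feed shame open despair creek road again ice least"],
  },
};
```

Key-name matching alone would miss a seed phrase logged under an innocuous field, which is why the value-shape check is also applied; server-side data scrubbing in Sentry is a second layer, but anything scrubbed there has already left the device.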
Slope said many wallets belonging to its founders and staff were also depleted in the attack.
OtterSec has been working with Slope since the attack began on Tuesday night, with Slope providing the auditor with logs dating back to July 28.
There are concerns about a discrepancy between wallet addresses confirmed to be affected by the hack and those present in Slope’s logs, OtterSec said.
“About 1,400 of the exploit addresses were present in the Sentry logs. Notably, this does not account for all hacked addresses,” OtterSec said.
“Over 5,300 private keys that were not part of the exploit were found in the Sentry instance. 2,358 of those addresses contain tokens,” it added.
The findings suggest that thousands of additional wallets holding tokens may currently be vulnerable to further attacks from the still unknown hacker.
Owners of a Slope Wallet are strongly advised to move all tokens to another form of storage, such as a hardware wallet or a centralized exchange, as soon as possible.
“We actively conduct internal investigations and audits, working with top external security and auditing groups,” Slope said in an official statement.
“We work with developers, security and protocol experts across the ecosystem to identify and fix [the situation].
“We are still actively diagnosing and are committed to posting a full post-mortem, earning your trust back and making this as fair as possible.”
As of Wednesday, more than 9,000 wallets had been emptied, and the number is still rising.
Solana said it was conducting its own investigation into the incident, but that “there is no evidence that the Solana protocol or its cryptography has been compromised.”
Numerous industry-wide investigations are still ongoing and more findings are likely to be revealed as they continue.