#solana #crypto #blockchain #defi #slopewallet #certik
How to Understand Crypto Scams | Solana & Slope Wallet Exploit | CertiK Analysis Report
00:00 Introduction to the Solana Exploit
00:19 Slope Wallets Affected & Seed Phrases
00:58 Hardware Wallet & Centralized Exchange
01:10 Solana Influencer & NFT
01:20 CertiK Penetration Test & Auditing
The attack that drained $8 million from over 9,000 Solana wallets in August was not the biggest hack of that week. The Solana exploit was unique because it resulted from insecure application code rather than smart contract code, with millions of dollars of assets going to one attacker.
These were valid transactions, which initially complicated researchers’ efforts and worried all Solana users. But it soon became clear that only accounts which had interacted with Slope Wallet were affected.
Slope’s mobile app transmitted encrypted seed phrases from users’ devices to the company’s server. Once received, the seed phrases were stored in plaintext.
The attacker breached a third-party monitoring service on Slope servers, giving them access to the seed phrases. The attacker executed the valid transactions and drained funds from compromised wallets. Other wallets which imported an externally-generated seed phrase into Slope were also affected.
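One way to keep seed-phrase material out of events before they are forwarded to a monitoring service, shown as an added example (not Slope's or CertiK's code). The event shape, the key names and the `scrub_event` function are assumptions, and the word-run heuristic stands in for a check against the full BIP-39 wordlist.

```python
import json
import re

# Assumption: key names a wallet app might use for secret material.
SENSITIVE_KEYS = {"mnemonic", "seed", "seed_phrase", "private_key", "secret"}
REDACTED = "[REDACTED]"

# BIP-39 mnemonics are 12 to 24 words, each 3 to 8 letters. Without the
# 2048-word list, treat any run of 12+ such words as a possible seed phrase
# and fail closed (an occasional false positive is acceptable in telemetry).
MNEMONIC_RUN = re.compile(r"\b[a-z]{3,8}(?:\s+[a-z]{3,8}){11,}\b", re.IGNORECASE)


def scrub_event(value, key=None):
    """Return a copy of a telemetry event with seed-phrase material removed."""
    if key is not None and str(key).lower() in SENSITIVE_KEYS:
        return REDACTED  # drop the whole value stored under a secret-bearing key
    if isinstance(value, dict):
        return {k: scrub_event(v, k) for k, v in value.items()}
    if isinstance(value, (list, tuple)):
        return [scrub_event(v) for v in value]
    if isinstance(value, str):
        # Catches phrases embedded in free text such as a logged request body.
        return MNEMONIC_RUN.sub(REDACTED, value)
    return value


# Constructed sample: the public BIP-39 test-vector phrase, never a real wallet.
TEST_MNEMONIC = " ".join(["abandon"] * 11 + ["about"])
SAMPLE_EVENT = {
    "level": "error",
    "message": "wallet import failed for user 4821",
    "extra": {
        "seed_phrase": TEST_MNEMONIC,
        "request_body": '{"action":"import","phrase":"' + TEST_MNEMONIC + '"}',
    },
    "breadcrumbs": [{"category": "ui", "message": "tapped Import Wallet"}],
}

if __name__ == "__main__":
    print(json.dumps(scrub_event(SAMPLE_EVENT), indent=2))
```

Scrubbing of this kind is a backstop: the seed phrase should not be placed in a loggable object or sent off the device in the first place.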
Slope wallet users were urged to transfer their holdings to a hardware wallet or centralized exchange, which were not vulnerable to the exploit.
While the funds are unlikely to be recovered, the crypto community did strike back. A popular Solana influencer sent an NFT to the attacker’s wallet, which pointed to a hosted image and collected metadata requests, revealing the attacker’s public IP address.
CertiK conducted a preliminary penetration test of Slope wallet’s code in 2021, with no response from the Slope team.
Pre-release auditing should be the default for all Web3 projects. It’s not enough for code to be open-source, as vulnerabilities will quickly become public.
To learn more about the Slope Wallet Exploit, visit CertiK.com/resources
Be wise and swiftly seek the service of an honest and experienced cyber security to guide you. I was once a victim of such an ugly situation, but research linked me to a real expertise who delivered beyond expectations. Keep it going GRINDTECHIEI !!
Is Slope wallet a scam or not?