- Slope acknowledged finding a critical vulnerability in its Solana wallet for mobile today.
- While the vulnerability put many assets in danger, Slope said there was no “conclusive evidence” that it caused the $5 million Solana wallet exploit earlier this month.
- The wallet developer highlighted that the number of hacked wallets was significantly greater than those exposed to the vulnerability, suggesting the hackers may have used another unaccounted attack vector.
Share this article
Slope said it would work to hunt down the hacker, recover the stolen assets, and make users whole.
Slope Owns Critical Wallet Vulnerability
Slope has admitted to a severe security vulnerability in its mobile Solana wallet.
In a Thursday statement, the third-party Solana wallet provider conceded that it had found a vulnerability in the Sentry Service implementation on its mobile wallet that inadvertently logged sensitive data. However, the firm said there was “no conclusive evidence” that the vulnerability was linked to the exploit on August 3 that saw over 9,232 Solana addresses being drained for over $5 million.
“Although there is no conclusive evidence from the auditors to link the Slope vulnerability to the exploit, its very existence put a lot of assets in danger,” the wallet developer said in the statement, apologizing to its users and promising to work on finding the hacker, recovering the funds, and making users whole.
Following the $5 million Solana exploit earlier this month, security pundits speculated on Twitter that the incident likely involved a “supply chain attack” on Solana wallets. Soon after, a number of security sleuths allegedly found that Slope had leaked its users’ private keys by recording them in plain text on Sentry’s servers. Now, Slope has admitted—albeit ambiguously—to the vulnerability but denied finding conclusive evidence that “all security layers” were compromised.
According to Slope, the independent audits revealed that the number of hacked addresses is significantly greater than the number of addresses exposed to the vulnerability, raising questions about whether another, still unaccounted attack vector is linked to the exploit.
Slope said that the independent auditors didn’t find additional security issues and that it would soon share more details on the asset recovery measures for the victims affected in the exploit.
Disclosure: At the time of writing, the author of this article owned ETH and several other cryptocurrencies.
Share this article