Solana mobile wallet provider, Slope Wallet, is believed to be responsible for the recent multi-million dollar crash. However, their recent announcement states that there is no evidence linking the security hole to the hack.
Slope Wallet denies involvement in Solana’s security flaw
The developers behind the Slope wallet claim that there is no connection between the security hole in the wallet and the $4 million hack on the Solana platform.
However, their recent announcement contradicts the conclusions of Solana’s researchers.
Slope released a statement on Thursday (August 11, 2022), detailing their own investigation into the matter. This was done in partnership with cybercrime firm TRM and auditors OtterSec and SlowMist.
According to Slope, there is “no conclusive evidence” linking the vulnerability in its systems to the hack. Slope claims that only 1,444 of its wallet addresses were confirmed to have been drained during the attack.
However, there are 9,232 wallet addresses affected, as stated in multiple hack reports and collated in this Dune Analytics dashboard.
Slope’s statement added that the vulnerability lies behind an encrypted server. Access to this server also requires a three-factor authentication protocol. The wallet service admitted that such a vulnerability should not have existed in the first place.
Solana Labs researchers previously pointed out a flaw in Slope’s security architecture. This vulnerability exposes wallet seed phrases stored as plain text. Seed phrases in cryptocurrency are chains of memories of 12 or 24 words that are created when a user creates a wallet. This phrase is required to access funds in the wallet.
“We found no additional vulnerabilities during the investigation and intense scrutiny by multiple parties,(…) therefore, we believe the latest patched version of Slope Wallet is safe to use. The Slope team will continue to obtain regular audit reports and work with security professionals on a rolling basis.”Slope stated in blog post on August 11th
DISCLAIMER: The Information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.
Join CoinCu Telegram to keep track of news: https://t.me/coincunews