Solana-based wallet Slope said on Thursday there is no “conclusive evidence” to connect its mobile wallet’s loophole with Solana’s recent breach, although 1,400 wallets connected to the loophole were drained.
See related article: Seed-phrase leak from crypto wallet Slope prompts Solana hack
- Slope said a vulnerability in its mobile wallet’s error-reporting program, Sentry, could “inadvertently log sensitive data” when the wallet app has an error.
- This comes after the blockchain security firm OtterSec’s preliminary investigation said that Slope’s error logs transmitted to servers record the seed-phrases — the key to the cryptocurrency wallet — in an unencrypted way, which means anyone who can access the server could see that.
- But Slope said that all of its information transmitted to the central server is encrypted end-to-end, which means only people who have the decryption key can read it correctly. And that the central server uses three-factor authentication to control access.
- Slope said there was no evidence that all layers of security had been breached. Generally, cybersecurity protection includes seven layers: human, perimeter security, network, endpoint, application, data, and core assets.
- Some 9,223 crypto wallets from Phantom and Slope on the popular blockchain ecosystem Solana were breached and drained for almost US$6 million worth of crypto in total last week, of which 1,400 breached wallets were considered due to a loophole related to Slope.
- The other two parties involved in the breach, the blockchain Solana and the crypto wallet Phantom, claimed they have no code error related to the exploit.
See related article: Solana blames Slope for exploit