Slope says no evidence linking security flaw to massive hack
Solana-based crypto wallet Slope has revealed details of its investigations into a multi-million dollar hack that occurred early this month, saying there was a vulnerability in its application monitoring service but “no conclusive evidence” showed this flaw had caused the hack.
The vulnerability existed in the Slope on-premise 3rd-party application monitoring service on Slope Wallets on mobile between July 28 and August 3. It inadvertently logged sensitive data in cases where the apps generated an error event, Slope said in an August 11 statement.
While admitting that the vulnerability put many assets in danger, Slope said there was no conclusive evidence to link it to the August 3 exploit – in which an estimated US$5 million worth of assets were drained from Solana wallets.
Slope said that a total of 9,232 addresses were hacked, which was larger than the total number of addresses ever exposed from the flaw. Of the exposed addresses, 1,444 were confirmed to have been drained, it said.
The investigation was conducted in collaboration with auditors OtterSec and SlowMist and cybercrime firm TRM. Slope said the investigation was nearing its conclusion.
Slope said that the independent auditors did not find additional security issues and that it would soon share more details on the asset recovery measures for the victims affected in the exploit.
Apart from Slope, several other wallet apps, including Phantom, have been reported to have been affected in the hack. According to blockchain monitoring service PeckShieldAlert, the exploit caused an estimated loss of US$8 million.
Some observers earlier suggested that there might be a vulnerability in Phantom or the Solana system. On August 4, Solana Status said its preliminary findings showed the affected addresses were at one point created, imported or used in Slope mobile wallet applications.
- BŌSŌ TOKYO jazzes up Shibuya Scramble Crossing with XR and NFTs – an interview with the pioneers in unprecedented project
- Thailand launches NFT program to offer tourist benefits
- Shinsei Galverse NFTs can be used as VTubers under new feature
- Tokyo Metro to release Series 7000 train NFTs
- Universal Studios offer NFTs as part of Halloween Horror Nights
- Art group teamLab’s NFT project explores nature of blockchain
- English football club owners WAGMI United team up with Adidas to launch NFTs, aim to build ‘decentralised’ management model
- Publisher recalls new Web3 guidebook in wake of errors
- Johnnie Walker lets NFT holders vote on design of limited-edition bottle
- Japanese IT school Digital Hollywood teams up with The Sandbox to nurture creators
- BŌSŌ TOKYO jazzes up Shibuya Scramble Crossing with XR and NFTs – an interview with the pioneers in unprecedented project
- Japan’s DDT Pro Wrestling uses NFT to award right to challenge champion
- Shibuya event to showcase NFTs, Web3 tech
- HashPort raises US$6.9m to boost NFT, SBT businesses
- New Service ‘Pie’ enables credit card payment for NFT purchases on OpenSea
- Art group teamLab’s NFT project explores nature of blockchain
- Thailand launches NFT program to offer tourist benefits
- Move-to-earn game Dustland Runner launches ape-themed campaign with Animoca Brands
- English football club owners WAGMI United team up with Adidas to launch NFTs, aim to build ‘decentralised’ management model
- RTFKT releases 3D files, commercial rights to Clone X NFT owners
- BŌSŌ TOKYO jazzes up Shibuya Scramble Crossing with XR and NFTs – an interview with the pioneers in unprecedented project
- Art group teamLab’s NFT project explores nature of blockchain
- Shibuya event to showcase NFTs, Web3 tech
- Telegram founder mulls ‘NFT-like’ approach to auctioning usernames, links
- Japan’s DDT Pro Wrestling uses NFT to award right to challenge champion
- Azuki sells 8 NFT-linked golden skateboards for US$2.54m
- Entrepreneur Yusaku Maezawa to set up US$78m fund for Web3 investment
- CryptoNinja Partners NFTs featured as reward for hometown tax contributors
- NEO TOKYO CLASH event gives Shibuya crossing cyberpunk twist
- DMM.com to launch ‘Kanpani Girls’ as first blockchain game