Experts find private keys on Slope servers, still puzzled by access

Blockchain analytics firms involved in Solana exploit investigation reveal latest developments as teams attempt to understand how the private keys were stolen.

Blockchain audit firms are still trying to figure out how hackers gained access to approximately 8,000 private keys used to drain Solana-based wallets.

Investigations are ongoing after attackers managed to steal some $5 million worth of SOL and SPL tokens on August 3. Ecosystem participants and security companies are helping to uncover the intricacies of the event.

Solana worked closely with Phantom and Slope.Finance, the two SOL wallet providers that had user accounts affected by the exploits. It has since emerged that some of the compromised private keys were directly linked to Slope.

Blockchain security and auditing firms Otter Security and SlowMist participated in the ongoing investigations and released their findings in direct correspondence with Cointelegraph.

Otter Security founder Robert Chen shared information with Solana and Slope from direct access to affected resources. Chen confirmed that a subset of affected wallets had private keys that were present on Slope's Sentry logging servers in the clear:

"The working theory is that an attacker somehow exfiltrated these logs and may have used them to compromise users. This is still an ongoing investigation, and the current evidence does not explain all compromised accounts."

Chen also told Cointelegraph that some 5,300 private keys that were not part of the exploit were found in the Sentry instance. Nearly half of these addresses still contain tokens, and users are being prompted to move funds if they have not already done so.
