Security researchers at Otter claim they have discovered what may have been the cause of the massive theft. It targets nearly 8,000 digital wallets in the Solana ecosystem.
On Thursday morning, network monitoring security firm Otter, Solana, reported that Slope’s wallet app sent users’ seed phrases to a centralized server. Slope employs the server from a company called Sentry.
Seed phrases sent to Slope’s servers are saved as plain, unencrypted text. That means anyone with access to this particular Sentry server may have access to the user’s private key. As a result, low security standards can lead to theft from hackers.
“We’ve confirmed that the Slope mobile app sends mnemonics via TLS. [Transport Layer Security] to their centralized Sentry server.” Researcher Otter write in tweet
Meanwhile, Slope released a statement saying there was no clear answer as to the reasons for the submission of the seed phrases.
“We have some assumptions regarding user data breaches. But nothing is certain right now.”
as a safety measure to sloperecommendAll past users transfer money out by creating a new wallet with other seed phrases.
However, according to an on-chain analysis of Otter It has been estimated that hackers have stolen $4 million so far, but the service has remained undisclosed.