Solana x Slope Exploit Thread
Update 6:30 PM CT: Zach Dhihan gives advice to users who want to keep using their Slope Wallets.
Update 4:20 PM CT: Zach Dhihan officially recommends that users who imported wallet accounts into Slope regenerate new seed phrases for those accounts ASAP.
Update 3:30 PM CT: Solana Labs issues an official response.
Update 3:00 PM CT: Slope Finance issues an initial official statement.
Update 12:45 PM CT: Anatoly Yakovenko confirms with another researcher, Adam Cochran, his observation that Slope Finance seems to be the common denominator in the attack.
Update 5:00 AM CT: Anatoly Yakovenko, #Solana Co-founder, is all but confirming this is an iOS/Android-level supply chain attack.
Original Post:
Ok, so yesterday afternoon #Solana wallets started getting drained. Other tokens such as #USDC were drained as well. As of writing this, over $1.7 Million (USD) worth of Solana was drained out of almost 8000 unique wallets.
The current resounding theory is that mobile users have their private keys/seed phrases cached on the phone as a JSON file (.env file) and that this is somehow being exploited due to malware in the source code of the wallets themselves.
The exploit seems to have mainly affected iOS devices, but some Android devices were exploited as well. Phantom, Trust Wallet, and Slope Finance wallets across mobile and browser extensions were affected.
There are a handful of #whitehat hackers who were able to trace the IP of the attackers to Moldova by sending self-hosted NFTs - with some fancy code tucked in - to the attackers' wallets and then waiting for them to open the NFTs in Phantom. Once that happened, the server hosting the NFTs was able to scrape the data to get the IP and browser information.
I’ll keep covering this story as it evolves.
2 years ago: Amazing efforts on this Dennis.