Nicio „dovadă concludentă” că hack-ul Solana de 6 milioane USD cauzat de o lacună: Slope

Solana-based wallet Slope a spus on Thursday there is no “conclusive evidence” to connect its mobile wallet’s loophole with Solana’s recent breach, although 1,400 wallets connected to the loophole were drained.

Vezi articolul aferent: Seed-phrase leak from crypto wallet Slope prompts Solana hack

Fapte rapide

• Slope said a vulnerability in its mobile wallet’s error-reporting program, Sentry, could “inadvertently log sensitive data” when the wallet app has an error.

• This comes after the blockchain security firm OtterSec’s preliminary investigation said that Slope’s error logs transmitted to servers record the seed-phrases — the key to the cryptocurrency wallet — in an unencrypted way, which means anyone who can access the server could see that.

• But Slope said that all of its information transmitted to the central server is encrypted end-to-end, which means only people who have the decryption key can read it correctly. And that the central server uses three-factor authentication to control access.

• Slope said there was no evidence that all layers of security had been breached. Generally, cybersecurity protection includes sapte straturi: human, perimeter security, network, endpoint, application, data, and core assets.

• Some 9,223 crypto wallets from Phantom and Slope on the popular blockchain ecosystem Solana were breached and drained for almost US$6 million worth of crypto in total last week, of which 1,400 breached wallets were considered due to a loophole related to Slope. 

• The other two parties involved in the breach, the blockchain suntrap and the crypto wallet Fantomă, claimed they have no code error related to the exploit.

Vezi articolul aferent: Solana dă vina pe Slope pentru exploatare