A week on, the cause of the Solana hack is still unclear. Phantom says it has no security vulnerabilities, while Slope says it has found a vulnerability in its services but is not sure what it has to do with the hack as a whole.
Phantom says it found no security holes in its system
A week after the $4 million hack on the Solana blockchain (SOL), which affected as many as 9,000 different wallets and whose cause is still unknown, Phantom, one of the affected wallets, says it has found no flaws on its side.
1/ After almost a week of investigation, our team has not found any evidence that Phantom’s systems were compromised during the August 2nd security incident.
Work is still ongoing, but given the seriousness of the situation, we want to give an update on what we have done so far.
– Phantom (@phantom) August 9, 2022
“After almost a week of investigation, our team has found no evidence that Phantom’s systems were compromised in the August 2 security incident.”
According to the statement, Phantom has undergone several audits by OtterSec and Halborn Security, two independent companies specialising in blockchain auditing, neither of which has reported any flaws to date.
The statement is consistent with the claims of Solana’s technical teams that the affected addresses had, at one time or another, interacted with the mobile application of the Slope wallet.
Slope in a more complicated situation
In a statement issued on August 11, Slope acknowledges that it found a vulnerability in one of its services during the period July 28 to August 3. Specifically, the flaw would have allowed “inadvertent recording” of sensitive data in the event that the applications generated an error message.
However, according to Slope, although the dates coincide, this flaw is not responsible for the hack we have seen. The press release reads:
“As confirmed in previous Ottersec interim reports, the investigation team cross-checked all hacked addresses (9,232 addresses in total) against all addresses exposed to the Sentry database vulnerability: The number of hacked addresses is larger than the total number of addresses exposed by the Sentry server. A fraction (1,444 addresses) of the total Sentry server exposure was confirmed to be dumped.”
In other words, the number of wallets impacted by the breach at Slope is less than the total number of wallets hacked.
Note that the Sentry service mentioned by Slope refers to the file in which the seed phrases of the various wallets were stored. An OtterSec report dated 4 August stated that the mnemonic phrases in the folder were not encrypted and were written in readable text.
To this, Slope replied that it was unlikely that the hacker had access to the keys in question, as the file was secured with 3-factor authentication and HTTPS encryption.
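The failure mode described above, sensitive data recorded when an application generates an error message, is usually mitigated by scrubbing every error event on the client before it is transmitted. The Python below is an added example, not code from Slope, Sentry or OtterSec; the hook name before_send, the field names and the sample event are assumptions, and the mnemonic detector is a heuristic rather than a wordlist check.

```python
import re

# Heuristic: 12 to 24 consecutive lowercase words of 3-8 letters, the shape of a
# BIP-39 style mnemonic. No wordlist is embedded, so ordinary lowercase prose of
# that length is redacted too; for error telemetry that is the safe direction.
MNEMONIC_RE = re.compile(r"\b[a-z]{3,8}(?:[ \t]+[a-z]{3,8}){11,23}\b")
# Field names that should never leave the device, whatever their value looks like.
SENSITIVE_KEY_RE = re.compile(r"mnemonic|seed|secret|private[_-]?key|passphrase", re.I)
REDACTED = "[REDACTED]"


def scrub(value, key=""):
    """Return a copy of value with secret-looking content replaced."""
    if isinstance(key, str) and SENSITIVE_KEY_RE.search(key):
        return REDACTED                      # the field name alone is enough to drop it
    if isinstance(value, dict):
        return {k: scrub(v, k) for k, v in value.items()}
    if isinstance(value, (list, tuple)):
        return [scrub(v) for v in value]
    if isinstance(value, str):
        return MNEMONIC_RE.sub(REDACTED, value)
    return value


def before_send(event, hint=None):
    """Hypothetical hook: run on every error event before it is transmitted."""
    return scrub(event)


# Constructed sample event (not real data; the words are arbitrary).
PHRASE = "apple river stone cloud tiger lemon ocean maple candy brick flute grape"
SAMPLE_EVENT = {
    "message": "wallet import failed for phrase: " + PHRASE,
    "extra": {"seed_phrase": PHRASE, "app_version": "0.0.0-example"},
    "breadcrumbs": [{"category": "http", "data": {"body": '{"words":"' + PHRASE + '"}'}}],
}

if __name__ == "__main__":
    print(before_send(SAMPLE_EVENT))
```

Scrubbing on the client matters because, once the event is stored server-side in readable text, protecting the transport or the login to the logging service does not remove the secret from the log.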
On 5 August, Slope had also issued a statement promising a 10% reward to the hacker if he returned the funds within 2 days.