Solana’s blockchain hacking: Tenable’s comment

Millions of dollars in cryptocurrencies and other tokens have been stolen from internet-connected wallets on the Solana blockchain. Assets were stolen from around 8,000 wallets, mainly those of Phantom and Slope mobile wallet users. Below is a comment from Satnam Narang, Tenable’s Senior Research Engineer on this topic. Feel free to use it if you wish to process the information.

“Solana’s hack, which led to the theft of over $ 5 million, was the result of a seedphrase (or mnemonic phrases), a group of random words used to help users access or recover their wallet. cryptocurrency, from a wallet created by Slope Finance.

Users who want to interact with various blockchains usually create so-called hot wallets, which can be accessed easily via browser extensions or mobile and desktop apps. As part of its app’s logging feature, Slope Finance stored users’ startup phrases in plain text in these logs, which was determined to be the source of the breach. Users who created wallets using Slope Wallet or imported their wallets into Slope from other wallets like Phantom were interested.

Anyone with a seed phrase or mnemonic phrase can take control of users’ cryptocurrency and NFTs, which is why the classic advice never to share your phrase is so important. Unfortunately, in this case, the users were not at fault and it was the filing of their initial phrases in clear text that led to the theft of their funds.

For cryptocurrency enthusiasts looking to interact with various blockchains, we highly recommend doing your own research to see if a project has performed third-party audits or pentests on its applications or infrastructure before committing your funds to these apps. Additionally, users are strongly encouraged to consider using a cold wallet, which includes hardware wallets, paper wallets, or offline USB / CD wallets that are not easily accessible, to store their cryptocurrencies for the long term. “

Leave a Comment