Slope wallet provider saved user seed phrases in plain text, Solana security researchers find

Security researchers at Otter claim they have pinned down what may have caused the widely publicized breach, targeting nearly 8,000 crypto wallets in the Solana ecosystem.

On Thursday morning, Otter, a security firm focused on Solana, reported that the Slope’s wallet app sent out users’ seed phrases to a centralized server. Slope hired this server from a company called Sentry. 

It added that seed phrases passed to Slope’s server were saved in the form of readable text. Since the phrases were not encrypted, anybody with access to this specific Sentry server could potentially access users’ private keys. The low security standard likely led to the breach giving hackers the ability to acquire the seed phrases and drain funds.

“We have independently confirmed that Slope’s mobile app sends off mnemonics via TLS [Transport Layer Security] to their centralized Sentry server,» Otter researchers wrote in a tweet.

Meanwhile, Slope has made a statement saying it didn’t have a firm answer to the cause of the breach. “We have some hypotheses as to the nature of the breach, but nothing is yet firm,” it said.

Slope did not immediately respond to The Block’s request for comment.

As a security measure, Slope has advised all of its past users to transfer funds out by creating other wallets with unique seed phrases.

Otter’s on-chain analysis has estimated that, so far, $4 million has been stolen by hackers. Previous estimates from security firms such as Elliptic and Anchain had ascertained the exploit sum to be at least $5 million. These funds can be located sitting in four Solana wallets.

Source