Auditors blame massive $4 million cryptocurrency heist on leaky logging technology

Blockchain auditors have suggested that the reason behind a massive $4 million hack of several cryptocurrency wallet providers stems from a misconfiguration in a widely used event-logging technology.

Cryptocurrency tokens Solana (SOL) and USD Coin (USDC) were among those stolen from Slope wallets by an unknown attacker after the wallets were found to contain seed phrases in plain text.

Seed phrases are strings of randomly generated words used to recover cryptocurrency wallets. They are meant to be kept safe, and only the owner of a wallet should know what these strings are.

Blockchain auditors Zellic and OtterSec both released the results of their respective investigations, which are still ongoing, with both focusing on the Slope wallet. They concluded that the problem was due to a misconfiguration in Sentry.

Sentry is an event logging platform used by many websites and mobile apps in the industry, including the Slope wallet for iOS and Android. Other wallets also affected are Phantom, Solflare and TrustWallet.

Zellic said: “Any interaction in the app would trigger an event log. Unfortunately, Slope Sentry has not been configured to clean sensitive information. Hence, [the seedphrases] were leaked to Sentry”.

Anyone with access to Sentry could access users’ private keys, OtterSec said, allowing them to recover wallets they don’t own and transfer tokens to their own personal wallet.

Zellic’s analysis revealed that Slope had only been using Sentry for a week before the breach was confirmed.

Data that does not need to be recorded in Sentry can be scrubbed before it is stored, either through the platform’s software development kit (SDK) or through server-side scrubbing.
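What SDK-side scrubbing can look like, as an added example that is not taken from the article, Slope or Sentry: a filter with the same `(event, hint)` shape as the `before_send` callback accepted by Sentry's Python SDK. The field names, the redaction marker and the word-run heuristic for recovery phrases are assumptions, and the sample event is constructed.

```python
import re

# Field names treated as secret regardless of content (assumed names).
SENSITIVE_KEYS = re.compile(r"(mnemonic|seed|private[_-]?key|secret)", re.I)
# Heuristic: 12 to 24 consecutive lowercase words of 3-8 letters, the shape
# of a BIP-39 recovery phrase. It can also match ordinary lowercase prose.
MNEMONIC_RUN = re.compile(r"\b(?:[a-z]{3,8}\s+){11,23}[a-z]{3,8}\b")
REDACTED = "[Filtered]"


def _scrub(value, key=""):
    """Return a copy of value with secret-looking content replaced."""
    if key and SENSITIVE_KEYS.search(key):
        return REDACTED
    if isinstance(value, dict):
        return {k: _scrub(v, str(k)) for k, v in value.items()}
    if isinstance(value, (list, tuple)):
        return [_scrub(v) for v in value]
    if isinstance(value, str):
        return MNEMONIC_RUN.sub(REDACTED, value)
    return value


def before_send(event, hint):
    """Scrub an event before it leaves the app; hint is unused here."""
    return _scrub(event)


# Constructed sample event; the phrase is made-up filler, not a real wallet.
SAMPLE_PHRASE = " ".join(["apple", "river", "stone", "cloud"] * 3)
SAMPLE_EVENT = {
    "message": "wallet import failed",
    "extra": {"mnemonic": SAMPLE_PHRASE, "screen": "import"},
    "breadcrumbs": [{"message": "POST body: phrase=" + SAMPLE_PHRASE}],
}

if __name__ == "__main__":
    print(before_send(SAMPLE_EVENT, {}))
```

The breadcrumb case matters because the phrase there sits inside free text under an innocuous key, which name-based filtering alone would miss.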

Slope said many of the wallets of its founders and employees were also emptied in the attack.

OtterSec has been working with Slope since the attack began Tuesday night, with Slope providing logs dated July 28 to the investigator.

There are concerns about a discrepancy between the wallet addresses confirmed to have been affected by the hack and those present in Slope’s logs, OtterSec said.

“Approximately 1,400 of the addresses in the exploit were present in sentry logs. This is especially not true for all hacked addresses,” OtterSec said.

“Over 5,300 private keys were found in the Sentry instance that were not part of the exploit. 2,358 of those addresses contain tokens,” it added.

The results suggest that there are thousands of additional wallets containing cryptocurrency tokens that could currently be vulnerable to additional attacks from the as-yet-unknown hacker.

Slope wallet owners are strongly advised to transfer all tokens to another storage method, e.g. a hardware ledger or a centralized exchange.

“We actively conduct internal investigations and audits and work with leading external security and audit groups,” Slope said in an official statement.

“We work with developers, security researchers, and protocols from across the ecosystem to identify and fix bugs [the situation].

“We are still actively diagnosing and are committed to releasing a full post-mortem, regaining your trust and doing this as best we can.”

As of Wednesday, more than 9,000 wallets had been emptied, with the number increasing.

Solana said it was conducting its own investigation into the incident, but “there is no evidence the Solana protocol or its cryptography was compromised.”

Plenty of research from across the industry is still ongoing, and more discoveries are likely to be made as the process progresses.
