APP
Solana ecosystem wallet Slope updates the progress of the attack investigation stating that no additional vulnerabilities were found during the investigation and multi-party review, and that independent audit findings include.
1. There was a vulnerability in the Sentry Service implementation on Slope Wallets on mobile from July 28th to August 3rd that inadvertently logged sensitive data in cases where the apps generated an error event.
2. There is no evidence that all security layers (e.g., transmission and storage) were compromised. All the transmission to the Sentry server is protected through HTTPS end-to-end encryption, and access to the Sentry server is controlled through 3-factor authentication.
3. As confirmed in previous interim reports from Ottersec, the investigation team has cross-compared all hacked addresses (9,232 addresses in total) vs. all exposed addresses from the vulnerability in the Sentry database: the number of all hacked addresses is larger than the total number of addresses ever exposed from the Sentry server. A fraction (1,444 addresses) of the total exposure from the Sentry server has been confirmed drained in cross-comparison.
Source
- Last:
- Next:
