Was able to reproduce the @slope_finance private key and seed phrase leak found by @MoonRankNFT on Slope's iOS app and have some thoughts on what most likely happened.
🧵👇
First, to reproduce, you need a proxy to snoop on network requests.
I installed the Slope App on my Mac, and ran Fiddler in the background.
After that, you need to update your hosts file (/etc/hosts on macOS; there is no "hosts.conf") with an entry for Slope's Sentry ingestion server so that its traffic goes through the proxy:
Then, all you need to do is open Slope, create a wallet, and look for requests to o7e.slope.finance.
In one of the request bodies, you should see something like this:
This is your private key and mnemonic being sent to their Sentry endpoint in plaintext.
Now the question is... was this intentional?
Looking at the Sentry event directly below the one that leaked the credentials, you can see that the private key and mnemonic are redacted.
This looks like a logging misconfiguration in my opinion.
I've used Sentry for other projects in the past, and it's a fantastic tool, but it looooooooves to send a ton of data.
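To make the "logging misconfiguration" concrete, here is an added example (my own illustration, not Slope's code and not the Sentry SDK's built-in scrubbing) of the two pieces this thread is really about: a beforeSend-style hook that strips key material before an event leaves the app, and a scanner you can point at a captured request body from the proxy step above. The event shape (message, extra, breadcrumbs[].message/data) follows the public Sentry event format; the secret formats are assumptions: a BIP-39 mnemonic as 12 or 24 lowercase words of 3 to 8 letters, and a private key as an 87 or 88 character base58 string (a 64-byte Solana keypair). The sample event, mnemonic (the well-known "abandon ... about" test vector) and key are constructed; the field-name denylist is mine.

```javascript
// Added example for this thread, not Slope's code and not the Sentry SDK's own
// data scrubbing. Assumptions: a mnemonic is 12 or 24 lowercase words of 3-8
// letters; a private key is 87-88 base58 characters (64-byte Solana keypair).
// Both are heuristics: without the BIP-39 wordlist, any run of 12 short
// lowercase words will be treated as a mnemonic, so tune before shipping.

const BASE58_KEY_RE = /\b[1-9A-HJ-NP-Za-km-z]{87,88}\b/g;
// 11 words with trailing spaces, optionally 12 more, then the final word.
const MNEMONIC_RE = /\b(?:[a-z]{3,8} ){11}(?:(?:[a-z]{3,8} ){12})?[a-z]{3,8}\b/g;
// Field names that should never reach an error tracker, whatever their value.
const SENSITIVE_KEY_RE = /(mnemonic|seed|private|secret|passphrase)/i;
const REDACTED = "[Filtered]";

// Scan one string and report every secret-looking substring with its kind.
function findSecrets(text) {
  const hits = [];
  for (const m of text.matchAll(BASE58_KEY_RE)) hits.push({ kind: "private_key", value: m[0] });
  for (const m of text.matchAll(MNEMONIC_RE)) hits.push({ kind: "mnemonic", value: m[0] });
  return hits;
}

// Replace secret-looking substrings in a string with the redaction marker.
function scrubString(text) {
  return text.replace(BASE58_KEY_RE, REDACTED).replace(MNEMONIC_RE, REDACTED);
}

// Walk any JSON-like value (string, array, object) and return a scrubbed copy.
function scrubValue(value) {
  if (typeof value === "string") return scrubString(value);
  if (Array.isArray(value)) return value.map(scrubValue);
  if (value && typeof value === "object") {
    const out = {};
    for (const [k, v] of Object.entries(value)) {
      // Drop the whole field if its name says it holds key material,
      // regardless of how the value is formatted.
      out[k] = SENSITIVE_KEY_RE.test(k) ? REDACTED : scrubValue(v);
    }
    return out;
  }
  return value;
}

// Sentry-style beforeSend hook: receives the outgoing event and returns the
// sanitised copy that is actually transmitted (returning null would drop it).
function beforeSend(event) {
  return scrubValue(event);
}

// Proxy side of the reproduction: given a captured request body (the raw text
// the proxy shows for a request to the Sentry ingestion host), list the
// secrets it contains.
function findLeaksInRequestBody(body) {
  return findSecrets(body);
}

// Constructed inputs: a BIP-39 test vector and a made-up 88-char base58 key.
const TEST_MNEMONIC =
  "abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon about";
const TEST_KEY = "3" + "Kx7yQ".repeat(17) + "ab";

// Constructed event shaped like what a wallet app might send on an error.
const SAMPLE_EVENT = {
  message: "signing failed for key " + TEST_KEY,
  extra: {
    mnemonic: TEST_MNEMONIC,
    wallet: { privateKey: TEST_KEY, publicKey: "constructed-pubkey" },
  },
  breadcrumbs: [
    { category: "wallet", message: "restore from mnemonic=" + TEST_MNEMONIC, data: { step: 2 } },
  ],
};

// Constructed request body as a proxy would capture it (JSON text).
const SAMPLE_BODY = JSON.stringify({
  message: "wallet created",
  extra: { mnemonic: TEST_MNEMONIC, privateKey: TEST_KEY },
});

console.log(JSON.stringify(beforeSend(SAMPLE_EVENT), null, 2));
console.log(findLeaksInRequestBody(SAMPLE_BODY).map((h) => h.kind));
```

The hook redacts on two independent signals: a field name that says "mnemonic", "seed", "private", and so on is dropped outright, and any string value anywhere in the event (messages, breadcrumbs, nested extra) is pattern-scanned, so a secret interpolated into a log message is caught even when the field is innocently named. The scanner reuses the same patterns, which is a cheap way to grep proxy captures for the kind of leak this thread reproduces.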
This brings us to our final question: who did this?
The most likely options, in my opinion, are that either an insider at Slope with access to their Sentry account performed the exfiltration, or their Sentry account was compromised by a threat actor who discovered the leaks.