Was able to reproduce the @slope_finance private key and seed phrase leak found by @MoonRankNFT on Slope's iOS app and have some thoughts on what most likely happened.
๐งต๐
CC: @solana, @solana
#solana #crypto #hack #privatekey #leak
๐งต๐
CC: @solana, @solana
#solana #crypto #hack #privatekey #leak
First, to reproduce, you need a proxy to snoop on network requests.
I installed the Slope App on my Mac, and ran Fiddler in the background.
I installed the Slope App on my Mac, and ran Fiddler in the background.
After that, you need to update your "hosts.conf" file to resolve to Slope's Sentry ingestion server:
Then, all you need to do is open Slope, create a wallet, and look for requests to o7e.slope.finance.
In one of the request bodies, you should see something like this:
This is your private key and mnemonic being sent to their Sentry endpoint in plaintext.
Now the question is... was this intentional?
Now the question is... was this intentional?
Looking at the Sentry event directly below the one that leaked the credentials, you can see that the private key and mnemonic are redacted.
This looks like a logging misconfiguration in my opinion.
I've used Sentry for other projects in the past, and it's a fantastic tool, but it looooooooves to send a ton of data.
This brings us to our final question: who did this?
I've used Sentry for other projects in the past, and it's a fantastic tool, but it looooooooves to send a ton of data.
This brings us to our final question: who did this?
The most likely options, in my opinion, are either an insider at Slope with access to their Sentry account performed the exfiltration, or their Sentry account was compromised after a threat actor discovered the leaks.
@slope_finance @MoonRankNFT @solana Update in response to @slope_finance's claim that 15% of wallets can be traced to their logging:
https://twitter.com/MiamiVice_sol/status/1555275960823398401
โข โข โข
Missing some Tweet in this thread? You can try to
force a refresh
ใ
