Craig (Cpt. Scruffy) ◎
Aug 3 • 10 tweets • 5 min read
Was able to reproduce the @slope_finance private key and seed phrase leak found by @MoonRankNFT on Slope's iOS app and have some thoughts on what most likely happened.
🧵👇

CC: @solana
#solana #crypto #hack #privatekey #leak
First, to reproduce, you need a proxy to snoop on network requests.

I installed the Slope App on my Mac, and ran Fiddler in the background.
After that, you need to update your "hosts.conf" file to resolve to Slope's Sentry ingestion server:
Then, all you need to do is open Slope, create a wallet, and look for requests to o7e.slope.finance.
In one of the request bodies, you should see something like this:
This is your private key and mnemonic being sent to their Sentry endpoint in plaintext.

Now the question is... was this intentional?
Looking at the Sentry event directly below the one that leaked the credentials, you can see that the private key and mnemonic are redacted.
This looks like a logging misconfiguration in my opinion.
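The pattern described above (one Sentry event carrying the mnemonic and private key in clear, the next one redacted) is exactly what a missing or inconsistently applied scrubbing hook produces. The script below is an added example, not code from the thread or from Slope: it takes a Sentry-shaped event body, lists every field that looks like wallet secret material, and shows a `before_send`-style hook that redacts those fields before the event ever leaves the device. The event payloads, the field names (`extra.wallet.mnemonic`, `extra.wallet.privateKey`) and the key material are all constructed for the example; the mnemonic is the public BIP39 test vector and the "private key" is a repeated base58 pattern, not a real keypair. The mnemonic check is structural (12 to 24 lowercase words) rather than a full BIP39 word-list lookup, so treat it as a heuristic.

```python
import copy
import re

# Heuristics for wallet secret material in an event payload.
# Mnemonic: 12 to 24 lowercase words of 3-8 letters separated by single spaces.
# (A production scrubber would also check each word against the BIP39 list.)
MNEMONIC_RE = re.compile(r"^(?:[a-z]{3,8} ){11,23}[a-z]{3,8}$")
# Base58 alphabet (no 0, O, I, l). A 32-byte seed encodes to 43-44 characters,
# a 64-byte Solana keypair secret to 87-88.
BASE58_KEY_RE = re.compile(
    r"^[1-9A-HJ-NP-Za-km-z]{43,44}$|^[1-9A-HJ-NP-Za-km-z]{87,88}$"
)
# Field names that should never carry a plaintext value, whatever it looks like.
SENSITIVE_KEYS = re.compile(r"mnemonic|seed|private.?key|secret|passphrase", re.I)
FILTERED = "[Filtered]"  # Sentry's own placeholder for scrubbed values

# Constructed sample data (assumptions, not captured traffic).
FAKE_MNEMONIC = " ".join(["abandon"] * 11 + ["about"])  # BIP39 test vector
FAKE_SECRET_KEY = ("2bK7pQ9zx" * 10)[:88]               # 88 base58 chars

# An event shaped like the leaking one: wallet material in the "extra" context.
LEAKED_EVENT = {
    "event_id": "constructed-0001",
    "level": "info",
    "message": "wallet created",
    "extra": {
        "wallet": {"mnemonic": FAKE_MNEMONIC, "privateKey": FAKE_SECRET_KEY},
        "platform": "ios",
    },
}

# The same shape as the next event in the thread: already redacted.
REDACTED_EVENT = {
    "event_id": "constructed-0002",
    "level": "info",
    "message": "wallet created",
    "extra": {
        "wallet": {"mnemonic": FILTERED, "privateKey": FILTERED},
        "platform": "ios",
    },
}


def classify(key, value):
    """Return why (key, value) looks like secret material, or None."""
    if not isinstance(value, str) or value == FILTERED:
        return None
    if MNEMONIC_RE.match(value):
        return "mnemonic"
    if BASE58_KEY_RE.match(value):
        return "base58-secret-key"
    if key is not None and SENSITIVE_KEYS.search(str(key)):
        return "sensitive-field-name"
    return None


def _walk(node, path=()):
    """Yield (path_tuple, key, value) for every leaf in nested dicts/lists."""
    if isinstance(node, dict):
        for k, v in node.items():
            yield from _walk(v, path + (k,))
    elif isinstance(node, list):
        for i, v in enumerate(node):
            yield from _walk(v, path + (i,))
    else:
        yield path, (path[-1] if path else None), node


def find_leaks(event):
    """List (dotted path, reason) for every leaf that looks like a secret."""
    leaks = []
    for path, key, value in _walk(event):
        reason = classify(key, value)
        if reason:
            leaks.append((".".join(str(p) for p in path), reason))
    return leaks


def scrub_event(event, hint=None):
    """before_send-style hook: return a deep copy with secrets replaced.

    The (event, hint) signature matches what Sentry SDKs pass to before_send.
    The caller's event is never mutated.
    """
    scrubbed = copy.deepcopy(event)
    for path, key, value in list(_walk(scrubbed)):
        if classify(key, value):
            node = scrubbed
            for part in path[:-1]:
                node = node[part]
            node[path[-1]] = FILTERED
    return scrubbed


if __name__ == "__main__":
    for path, reason in find_leaks(LEAKED_EVENT):
        print(f"LEAK at {path}: {reason}")
    print("after scrub:", find_leaks(scrub_event(LEAKED_EVENT)))
```

Run against a proxy capture, `find_leaks` is the check to apply to every request body seen going to the Sentry ingestion host, not just the one that happens to be open. On the SDK side, registering `scrub_event` as the `before_send` hook (in the Python SDK that is `sentry_sdk.init(dsn=..., before_send=scrub_event)`; the mobile SDKs expose the equivalent option on their options object) makes the redaction happen before transport, so a second code path that attaches the wallet object to an event cannot reintroduce the leak.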

I've used Sentry for other projects in the past, and it's a fantastic tool, but it looooooooves to send a ton of data.

This brings us to our final question: who did this?
The most likely options, in my opinion, are either an insider at Slope with access to their Sentry account performed the exfiltration, or their Sentry account was compromised after a threat actor discovered the leaks.
@slope_finance @MoonRankNFT @solana Update in response to @slope_finance's claim that 15% of wallets can be traced to their logging:
