Solana crypto is a high throughput blockchain based on the Proof of History (PoH) and Proof of Stake (PoS) consensus. Built by a team of networking engineers, Solana aims to become the blockchain infrastucture for modern internet applications.
After an extensive audit, the Phantom indicated that the security breach that allowed the theft of more than 8,000 wallets was not in its systems. Other investigations suggest that the firm Slope may have been responsible for what happened.
- Phantom indicates that they were not responsible for the security breach.
- This breach affected 8,000 wallets of Phantom and other companies
- Research suggests that Slope could be responsible for the breach
The developer of Web3 wallets, Phantom, offered new details about the security breach that led to the theft of funds from nearly 8,000 crypto wallets of Solana provided by several companies, indicating that their systems were not compromised in the aftermath of these events.
Phantom was not responsible
This was indicated by the team of Phantom after conducting a thorough investigation over the past seven days. The audit an audit is a process where developers inspect the underlying code and/or algorithm that compose systems and applications. teams revealed that the company did not incur any vulnerabilities that could be associated with the theft of nearly $4.1 million USD from affected users.
About this, the team of Phantom posted a thread of messages on his Twitter where he wrote the following:
“After nearly a week of investigation, our team has found no evidence that Phantom’s systems were compromised during the Aug. 2 security the term securities refers to a fungible and tradable financial instrument that carries a type of monetary value. incident…. We performed a full internal audit and found no vulnerabilities that could explain this user exploit. Top cybersecurity firms @HalbornSecurity y @osec_io también están auditando Phantom de forma independiente. Hasta el momento, tampoco han encontrado ningún problema que pudiera haber contribuido a este incidente “.
1/ After almost a week of investigation, our team has not found any evidence that Phantom’s systems were compromised during the August 2nd security incident.
Work is still ongoing, but given the seriousness of the situation, we want to give an update on what we have done so far.
– Phantom (@phantom) August 9, 2022
About the security breach
As for the theft of the funds, the team from Phantom discovered that all of those affected had imported their seed codes/private keys to or from non-company wallets.
When the attack took place, several media outlets indicated that in addition to Phantom, other hot wallets were also affected, such as Slope y TrustWallet. The reports also indicated that several addresses of Solana were involved, with those wallets accumulating at least USD $5 million in tokens. SOL, SPL and other assets based on that network.
By that time, the attacker somehow gained the ability to sign (i.e., initiate and approve) transactions on behalf of users, suggesting that a trusted third-party service may have been compromised in a so-called supply chain attack.
The facts point to Slope
Regarding Slope, the developers of Solana tracked everything that happened to that application, so the hacked addresses were created, imported or used at some point within that app.
This was confirmed by the security firm Otter, which indicated that the seed codes generated by Slope were mistakenly sent to their servers and saved in perfectly readable plain text. Therefore, it is believed that low security standards were responsible for the security breach, which allowed unknown persons to drain the funds.
In this regard, at the time the Slope indicated that it did not have an answer about the security breach that compromised its wallets, but recently indicated that they were working hand in hand with TRM Labs and some legal agencies to resolve this whole issue.
- Some 8,000 Solana hot wallets affected in millionaire hacking hacking is the process of using a computer to manipulate another computer or computer system in an unauthorized fashion.
- Solana stablecoin a cryptocurrency with extremely low volatility, sometimes used as a means of portfolio diversification. Examples include gold-backed cryptocurrency or fiat-pegged cryptocurrency. disassociated after $3.5 million hack of Nirvana protocol the set of rules that define interactions on a network, usually involving consensus, transaction validation, and network participation on a blockchain.
- Hackers extract more than $8 million from Uniswap user through phishing when a scammer pretends to be a trusted institution or person to trick people into revealing sensitive information such as Social Security numbers, passwords, banking details, etc., often through a malware link disguised as legitimate. attack
Article by Angel Di Matteo / DiarioBitcoin
Imagen de Unsplash