Why did hackers find money in Solana users’ wallets?
Experts have found a private key stored on Slope’s wallet server and suspect it could be the cause of the loss of 8,000 Solana users.
On August 3, thousands of Solana cryptocurrency users had their wallets stolen. According to Solana founder Anatoly Yakovenko, hackers use and obtain users’ private keys. Hacked wallets become known when the private key is entered or generated on the mobile device. Previously, only Phantom and Slope wallet users were affected.
The public is very concerned about why hackers got hold of the private keys of 8,000 users. In order to connect to the wallet and continue transferring funds, the hacker needs to know the private key (private code) or passphrase (12-24 randomly arranged English words). According to the principle of blockchain security and decentralization, these words are owned by the user and are not stored on a server. Because of this, there are people who lose hundreds of millions of dollars by not remembering the private key to access the wallet.
At first, they thought that billionaire Changpeng Zhao, the CEO of Binance, might be the cause. Hackers can exploit third-party vulnerabilities to steal users’ private keys.
However, blockchain security firm Otter Security has noticed unusual activity on Slope’s wallet server. According to Robert Chen, the founder of Otter Security, the private keys of many of the hacked victims’ wallets were stored on Slope’s Sentry server. “In theory, a hacker could break into a slop server and steal records so they can easily access the user’s wallet and transfer funds,” he said. payphone Quote from Chen.
An analysis by the SlowMist security team came to the same conclusion. This group reported that the slope wallet server collected the wallet and private key information and sent it to o7e.slope.finance.
Many other experts have confirmed that Sloop stored wallet data indiscriminately after discovery. But everyone is waiting for Solana, Sloop and the Famtom team to explain.
According to security experts like Mr. Nguyen Viet Dinh, CTO of Simper, Slop seriously violated the principle when creating a cryptocurrency wallet. “Your systems may have been hacked, or an insider may have stolen users’ funds. But protecting users’ financial information and private keys is highly reprehensible,” Dinh said.
Dinh also said that this event was particularly impressive because the hacker was targeting the wallets of thousands of people rather than a specific project system. This shows that the adage “not your key, not your coin” (if you don’t store the private key, your coin isn’t yours) is true and incomplete in the cryptocurrency world. Even if the user keeps the key carefully, the money in the wallet can still be stolen by others. Because of this, the hack is shaking the cryptocurrency community.
According to Robert Chen, the private keys of at least 5,300 Slope users are stored on the server. About half of them still carry tokens in their wallets. A Coin98 wallet representative advises the community to transfer funds from hacked wallets. To ensure asset safety, users should not create new wallets and import wallets created elsewhere.
Mr. Chen believes that some wallet providers are exaggerating when they say their security is comparable to decentralized platforms. This period of time will change the way users think about the relationship between wallet providers and third-party security partners.