reply on: 🧵Widespread Solana exploit draining wallets throughout the ecosystem 🚩🚩 \ stacker news ~bitcoin

0 sats \ 3 replies \ @cryptocoin OP 3 Aug 2022 \ parent \ on: 🧵Widespread Solana exploit draining wallets throughout the ecosystem 🚩🚩 bitcoin

This Tweet kicks off a thread where he tries to narrow it down to two reasons:

So this wallets being drained are all closed source software.

Classic.

https://twitter.com/nvcoelho/status/1554737291838590976 https://nitter.it/nvcoelho/status/1554737291838590976

0 sats \ 2 replies \ @cryptocoin OP 3 Aug 2022

This Tweet kicks off a thread with a summary so-far:

Seeing a lot of speculation on the hack still. After helping coordinate a SOL Security room for the last 12+ hours and speaking to multiple wallet peoviders, here are some things for the public to keep in mind. Core to everything: we do not have a clear explanation yet. Now, a 🧵

https://twitter.com/HelpedHope/status/1554812859737165824 https://nitter.net/HelpedHope/status/1554812859737165824

0 sats \ 1 reply \ @cryptocoin OP 3 Aug 2022

[UPDATE from Solana]

This exploit was isolated to one wallet on Solana, and hardware wallets used by Slope remain secure.

While the details of exactly how this occurred are still under investigation, but private key information was inadvertently transmitted to an application monitoring service. 2/3

https://twitter.com/SolanaStatus/status/1554921397717180416 https://nitter.it/SolanaStatus/status/1554921397717180416

0 sats \ 0 replies \ @cryptocoin OP 4 Aug 2022

My god, so Slope was sending plain text private key and seed phrases to a server.

There is absolutely no acceptable design reason for that.

I expected a string appending somewhere incorrectly as a leak but this is labelled… what the hell?

https://twitter.com/Blokchainaholic/status/1555010999383883777

https://twitter.com/adamscochran/status/1555013537155747840 https://nitter.it/adamscochran/status/1555013537155747840