Blockchain Auditors Say $4m Crypto Theft Enabled By Logging Tech

Uploaded on 2022-08-19 in TECHNOLOGY-Key Areas-Blockchain, TECHNOLOGY--Hackers, FREE TO VIEW, BUSINESS-Services-Financial

Blockchain auditors have suggested the reason behind a massive $4 million hack on several crypto-currency wallet providers is a misconfiguration in a widely used event-logging technology. 

Crypto-currency tokens Solana (SOL) and USD Coin (USDC) were among those stolen from Slope wallets by an unknown attacker, after the wallets were found to be leaking seedphrases in plaintext. Seedphrases are strings of randomly generated words used to recover crypto-currency wallets. They are considered secure, and only the owners are supposed to know what these strings are.

Blockchain auditors Zellic and OtterSec have both published the findings from their respective investigations, which are still ongoing, have suggested the reason behind a massive $4 million hack on several crypto-currency wallet providers is due to a misconfiguration in a widely-used event-logging technology.

Professional cyber criminals know that blockchain’s algorithms are secure and have busied themselves looking for other ways to manipulate and penetrate them.

Slope, Solana & Phantom Wallets

In a recent incident, the blockchain platform Solana reported that 7767 wallets were impacted during a security incident in which $4 million was stolen. In addition to Solana customers, Slope and Phantom users were also affected. While the cause of the exploit is unknown, Solana has said that hardware wallets were not affected in the incident and users are strongly encouraged to use this type of wallet. The firm says that engineers from several different operating environments are investigating the incident.

The attack against Solana is the latest in a series of attacks targeting the crypto currency industry and users are advised to take particular care in securing their profiles and wallets, such as revoking third-party permissions and setting up extra security measures.

Blockchain - An Immutable Ledger

Known as an "immutable ledger," blockchain is supposed to be impervious to bad actors and this is one of the reasons blockchain has become so popular is that its design prevents anyone from deleting or changing a record once it has been created. 

This renders blockchain especially useful for crypto currency applications, where it’s important that records of spent money can’t be changed or deleted, as well as e-voting, financial records, manufacturing records, product provenance, and many other applications. However, the ownership blockchains for these coins and tokens are also vulnerable to type of hacking and fraud.
 
Blockchain’s auditors Zellic and OtterSec have concluded the issue stemmed from a misconfiguration in Sentry, an event-logging platform used by many websites and mobile apps in the industry, including the Slope wallet for iOS and Android. Other wallets also affected include Phantom, Solflare, and TrustWallet. 

  • Zellic said “any interaction in the app would trigger an event log. Unfortunately, Slope didn't configure Sentry to scrub sensitive info. Consequently, the seedphrases were leaked to Sentry”.
  • According to  OtterSec, anyone with access to Sentry could access users’ private keys, allowing them to recover wallets that don’t belong to them and transfer tokens to their own personal wallet. 

Zellic’s research suggested that Slope had only been using Sentry for a week before the breach was confirmed. It also found it’s possible to scrub data that doesn’t need to be logged in Sentry via the platform’s software developer kit or via server-side scrubbing.

Almost 1,400 of the addresses in the exploit were present in Sentry logs, although this does not account for all the hacked addresses. The research suggests that there are thousands of additional wallets that contain crypto currency tokens and could currently be vulnerable to additional attacks from the still-unknown hacker.

Owners of a Slope wallet are strongly advised to transfer all tokens into a different method of storage as soon as possible, such as a hardware ledger or centralised exchange. 

ITPro:    Techcentral:     Techopedia:    AnalyticsInsight:     Reddit:     Monash University:     

Oodaloop:    @Zellico.ai:     @osec_io

You Might Also Read: 

Chainalysis Crypto Theft Hotline:   
  

« Killnet Turn Their Attention To Lockheed Martin
Protecting Medical Devices From Cyber Attacks »

Quartz Conference
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Perimeter 81 / Zero Trust Network Access Guide

Perimeter 81 / Zero Trust Network Access Guide

Curious how you can Implement a Zero Trust roadmap with insights from Gartner? Download this free report for a limited time only.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

NQA Certification

NQA Certification

NQA provides certification to a range of ISO standards including ISO 27001 for information security management.

Socama Group

Socama Group

Socama Group is an innovative firm providing high-value electronic payment and security solutions for enterprises and individuals.

Dionach

Dionach

Dionach are a certified information security specialists who provide Penetration Testing, IT Security Auditing and Information Security Consultancy.

Credence Security

Credence Security

Credence Security, previously ARM, the regions speciality distribution company, specializes in IT security, Forensics and Incident Response.

Cymbel

Cymbel

Cymbel provides businesses and government agencies with the tools and expertise they need to manage the most complex security and compliance challenges.

NetKnights

NetKnights

NetKnights is an independent IT security company which offers services and products for strong authentication, identity management and encryption.

Fujitsu

Fujitsu

Fujitsu is the leading Japanese global information and communication technology company, offering a full range of products, solutions and services including Managed IT Services and Cyber Security.

CICRA

CICRA

CICRA is Sri Lanka's pioneering cyber security training and consultancy provider.

Industrial Internet Consortium (IIC)

Industrial Internet Consortium (IIC)

The Industrial Internet Consortium is the world's leading organization transforming business and society by accelerating the Industrial Internet of Things (IIoT).

SlowMist

SlowMist

SlowMist is a blockchain ecosystem security company providing cybersecurity audits and protection for leading digital asset exchanges, crypto wallets, public chains, and smart contracts.

Knowledge Transfer Network (KTN)

Knowledge Transfer Network (KTN)

KTN links new ideas and opportunities with expertise, markets and finance through our network of businesses, universities, funders and investors.

Cytellix

Cytellix

Cytellix is an industry-standards-based, managed cybersecurity service provider, specializing in proactive behavioral analytics and situational awareness of an organization’s cyber posture.

Emagined Security

Emagined Security

Emagined Security is a leading provider of professional services for Information Security and Compliance solutions.

Tetra Tech

Tetra Tech

Tetra Tech is a cybersecurity leader with extensive experience in supporting enterprise-wide programs and systems across multiple business lines from industrial control systems to health IT.

Borsetta

Borsetta

Borsetta creates end-to-end intelligent computing solutions for edge devices by combining the highest levels of hardware security, compute density, and neural network efficiency.

Cybolt

Cybolt

Cybolt helps companies, organizations, and governments manage digital risks and live in an environment of confidence and certainty.