Blockchain Auditors Say $4m Crypto Theft Enabled By Logging Tech

Uploaded on 2022-08-19 in TECHNOLOGY-Key Areas-Blockchain, TECHNOLOGY--Hackers, FREE TO VIEW, BUSINESS-Services-Financial

Blockchain auditors have suggested the reason behind a massive $4 million hack on several crypto-currency wallet providers is a misconfiguration in a widely used event-logging technology. 

Crypto-currency tokens Solana (SOL) and USD Coin (USDC) were among those stolen from Slope wallets by an unknown attacker, after the wallets were found to be leaking seedphrases in plaintext. Seedphrases are strings of randomly generated words used to recover crypto-currency wallets. They are considered secure, and only the owners are supposed to know what these strings are.

Blockchain auditors Zellic and OtterSec have both published the findings from their respective investigations, which are still ongoing, have suggested the reason behind a massive $4 million hack on several crypto-currency wallet providers is due to a misconfiguration in a widely-used event-logging technology.

Professional cyber criminals know that blockchain’s algorithms are secure and have busied themselves looking for other ways to manipulate and penetrate them.

Slope, Solana & Phantom Wallets

In a recent incident, the blockchain platform Solana reported that 7767 wallets were impacted during a security incident in which $4 million was stolen. In addition to Solana customers, Slope and Phantom users were also affected. While the cause of the exploit is unknown, Solana has said that hardware wallets were not affected in the incident and users are strongly encouraged to use this type of wallet. The firm says that engineers from several different operating environments are investigating the incident.

The attack against Solana is the latest in a series of attacks targeting the crypto currency industry and users are advised to take particular care in securing their profiles and wallets, such as revoking third-party permissions and setting up extra security measures.

Blockchain - An Immutable Ledger

Known as an "immutable ledger," blockchain is supposed to be impervious to bad actors and this is one of the reasons blockchain has become so popular is that its design prevents anyone from deleting or changing a record once it has been created. 

This renders blockchain especially useful for crypto currency applications, where it’s important that records of spent money can’t be changed or deleted, as well as e-voting, financial records, manufacturing records, product provenance, and many other applications. However, the ownership blockchains for these coins and tokens are also vulnerable to type of hacking and fraud.
 
Blockchain’s auditors Zellic and OtterSec have concluded the issue stemmed from a misconfiguration in Sentry, an event-logging platform used by many websites and mobile apps in the industry, including the Slope wallet for iOS and Android. Other wallets also affected include Phantom, Solflare, and TrustWallet. 

  • Zellic said “any interaction in the app would trigger an event log. Unfortunately, Slope didn't configure Sentry to scrub sensitive info. Consequently, the seedphrases were leaked to Sentry”.
  • According to  OtterSec, anyone with access to Sentry could access users’ private keys, allowing them to recover wallets that don’t belong to them and transfer tokens to their own personal wallet. 

Zellic’s research suggested that Slope had only been using Sentry for a week before the breach was confirmed. It also found it’s possible to scrub data that doesn’t need to be logged in Sentry via the platform’s software developer kit or via server-side scrubbing.

Almost 1,400 of the addresses in the exploit were present in Sentry logs, although this does not account for all the hacked addresses. The research suggests that there are thousands of additional wallets that contain crypto currency tokens and could currently be vulnerable to additional attacks from the still-unknown hacker.

Owners of a Slope wallet are strongly advised to transfer all tokens into a different method of storage as soon as possible, such as a hardware ledger or centralised exchange. 

ITPro:    Techcentral:     Techopedia:    AnalyticsInsight:     Reddit:     Monash University:     

Oodaloop:    @Zellico.ai:     @osec_io

You Might Also Read: 

Chainalysis Crypto Theft Hotline:   
  

« Killnet Turn Their Attention To Lockheed Martin
Protecting Medical Devices From Cyber Attacks »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Lima Networks

Lima Networks

LIMA design and deliver IT Infrastructure solutions and services including managed Security Monitoring services.

Veeam

Veeam

Veeam is the leader in intelligent data management for the Hyper-Available Enterprise.

IoTium

IoTium

Secure Cloud Managed Software Defined IoT Networks. IoTium simplifies establishing and managing secure network infrastructure for Industrial IoT.

Nuvias Group

Nuvias Group

Nuvias Group is a specialist value-addedd IT distribution company offering a service-led and solution-rich proposition ready for the new world of technology supply.

GreyCortex

GreyCortex

GreyCortex uses advanced artificial intelligence, machine learning, and data mining methods to help organizations make their IT operations secure and reliable.

Clavis Information Security

Clavis Information Security

Clavis is an Information Security company offering a complete portfolio of solutions from Pentesting and Security Assessments to Managed Security Services and Training.

WiSecure Technologies

WiSecure Technologies

WiSecure Technologies aims to develop cryptographic products meeting requirements in the new economic era.

DataTribe

DataTribe

DataTribe is a cyber startup foundry, leveraging deep experience and expertise to build and launch successful product companies.

PAX Momentum

PAX Momentum

PAX Momentum is the Mid-Atlantic’s premier startup accelerator, specializing in cyber, enterprise software, telecom, CleanTech, FinTech, InsureTech, and AI.

cleverDome

cleverDome

cleverDome has created the first community built and proven model that redefines the standards for protecting the most confidential data and information of consumers in the cloud.

Aryaka

Aryaka

Aryaka’s SmartServices offer connectivity, application acceleration, security, cloud networking and insights leveraging global orchestration and provisioning.

Fortiedge

Fortiedge

Fortiedge is an IT Security solution provider specializing in Cyber Security practices and solutions for our clients.

CERT.JE

CERT.JE

CERT.JE is responsible for promoting and improving the cyber resilience across the critical national infrastructure, business communities and citizens in Jersey.

IgmGuru

IgmGuru

Igmguru offers certification online training courses for IT professionals and students. Get certified with high-in-demand job-oriented professional courses.

Sentryc

Sentryc

Sentryc provides automated monitoring of brands on online marketplaces and social media making online brand protection processes faster, more clearly structured and more efficient.

Runtime Ventures

Runtime Ventures

Runtime Ventures focuses on seed and pre-seed stage cybersecurity investments. We love to work with ambitious founders building the future of the secure enterprise.