Blockchain Auditors Say $4m Crypto Theft Enabled By Logging Tech

Uploaded on 2022-08-19 in TECHNOLOGY-Key Areas-Blockchain, TECHNOLOGY--Hackers, FREE TO VIEW, BUSINESS-Services-Financial

Blockchain auditors have suggested the reason behind a massive $4 million hack on several crypto-currency wallet providers is a misconfiguration in a widely used event-logging technology. 

Crypto-currency tokens Solana (SOL) and USD Coin (USDC) were among those stolen from Slope wallets by an unknown attacker, after the wallets were found to be leaking seedphrases in plaintext. Seedphrases are strings of randomly generated words used to recover crypto-currency wallets. They are considered secure, and only the owners are supposed to know what these strings are.

Blockchain auditors Zellic and OtterSec have both published the findings from their respective investigations, which are still ongoing, have suggested the reason behind a massive $4 million hack on several crypto-currency wallet providers is due to a misconfiguration in a widely-used event-logging technology.

Professional cyber criminals know that blockchain’s algorithms are secure and have busied themselves looking for other ways to manipulate and penetrate them.

Slope, Solana & Phantom Wallets

In a recent incident, the blockchain platform Solana reported that 7767 wallets were impacted during a security incident in which $4 million was stolen. In addition to Solana customers, Slope and Phantom users were also affected. While the cause of the exploit is unknown, Solana has said that hardware wallets were not affected in the incident and users are strongly encouraged to use this type of wallet. The firm says that engineers from several different operating environments are investigating the incident.

The attack against Solana is the latest in a series of attacks targeting the crypto currency industry and users are advised to take particular care in securing their profiles and wallets, such as revoking third-party permissions and setting up extra security measures.

Blockchain - An Immutable Ledger

Known as an "immutable ledger," blockchain is supposed to be impervious to bad actors and this is one of the reasons blockchain has become so popular is that its design prevents anyone from deleting or changing a record once it has been created. 

This renders blockchain especially useful for crypto currency applications, where it’s important that records of spent money can’t be changed or deleted, as well as e-voting, financial records, manufacturing records, product provenance, and many other applications. However, the ownership blockchains for these coins and tokens are also vulnerable to type of hacking and fraud.
 
Blockchain’s auditors Zellic and OtterSec have concluded the issue stemmed from a misconfiguration in Sentry, an event-logging platform used by many websites and mobile apps in the industry, including the Slope wallet for iOS and Android. Other wallets also affected include Phantom, Solflare, and TrustWallet. 

  • Zellic said “any interaction in the app would trigger an event log. Unfortunately, Slope didn't configure Sentry to scrub sensitive info. Consequently, the seedphrases were leaked to Sentry”.
  • According to  OtterSec, anyone with access to Sentry could access users’ private keys, allowing them to recover wallets that don’t belong to them and transfer tokens to their own personal wallet. 

Zellic’s research suggested that Slope had only been using Sentry for a week before the breach was confirmed. It also found it’s possible to scrub data that doesn’t need to be logged in Sentry via the platform’s software developer kit or via server-side scrubbing.

Almost 1,400 of the addresses in the exploit were present in Sentry logs, although this does not account for all the hacked addresses. The research suggests that there are thousands of additional wallets that contain crypto currency tokens and could currently be vulnerable to additional attacks from the still-unknown hacker.

Owners of a Slope wallet are strongly advised to transfer all tokens into a different method of storage as soon as possible, such as a hardware ledger or centralised exchange. 

ITPro:    Techcentral:     Techopedia:    AnalyticsInsight:     Reddit:     Monash University:     

Oodaloop:    @Zellico.ai:     @osec_io

You Might Also Read: 

Chainalysis Crypto Theft Hotline:   
  

« Killnet Turn Their Attention To Lockheed Martin
Protecting Medical Devices From Cyber Attacks »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Chatham House

Chatham House

Chatham House is an independent policy institute based in London. Topics cover foreign affairs and defence including cyber security.

MaxMind

MaxMind

MaxMind is an industry-leading provider of IP intelligence and online fraud detection tools.

DG Technology

DG Technology

DG Technology is a customer-centric technology expert and business consultant that delivers services and products to minimize your information security, compliance, and business risks.

Cyber Security Expo

Cyber Security Expo

Cyber Security EXPO is a unique one day recruitment event for the cyber security industry.

Oak Ridge National Laboratory (ORNL)

Oak Ridge National Laboratory (ORNL)

ORNL conducts basic and applied research and development in key areas of science for energy, advanced materials, supercomputing and national security including cybersecurity.

Standards Council of Canada (SCC)

Standards Council of Canada (SCC)

SCC leads and facilitates the development and use of national and international standards and accreditation services in Canada.

bluedog Security Monitoring

bluedog Security Monitoring

Sentinel from bluedog provides powerful and affordable internal network monitoring.

Insight Partners

Insight Partners

Insight Partners is a leading global private equity and venture capital firm investing in growth-stage technology, software and Internet businesses.

Cyble

Cyble

Cyble Vision enables faster detection of cyber threats and focuses on identifying and analysing the motivations, methods, capabilities and tools of adversaries.

ForAllSecure

ForAllSecure

ForAllSecure’s mission is to make the world’s software safe by pioneering autonomous cybersecurity tools that automatically find and fix vulnerabilities in run-time executable software.

Northcross Group (NCG)

Northcross Group (NCG)

NCG provides services to help organizations meet the challenges of regulatory compliance. Our services include support, consultation, tools and accelerators for all parts of an organization.

Spamhaus

Spamhaus

Spamhaus is the world leader in supplying realtime highly accurate threat intelligence to the Internet's major networks.

Grip Security

Grip Security

Grip Security provides comprehensive visibility, governance and data security to help enterprises effortlessly secure a burgeoning and chaotic SaaS ecosystem.

Wing Security

Wing Security

Wing fosters a stronger security culture by engaging SaaS end-users and enabling easy communication with security teams.

Anura

Anura

The world’s most accurate ad fraud solution protects your web assets by eliminating bots, malware and human fraud, ensuring your content is seen by real people.

Robosoft Technologies

Robosoft Technologies

Robosoft Technologies is a full-service digital transformation partner. We provide end-to-end digital transformation services in areas including cybersecurity.