Celsius boss Alex Mashinsky may be largely responsible for many of the firm’s unprofitable trades leading up to its bankruptcy. A new report from the Financial Times (FT) suggests that the CEO may have taken over trading operations back in January. He then took actions with company funds that overruled the decisions of other executives with multiple years of finance experience. Mashinsky’s Massive Trades The latest info is according to multiple people familiar with the matter – though the information…
views
Slope Wallets Take the Fall for Ongoing Solana Exploit
In recent days, the Solana network has been the victim of a widespread attack that has affected over 8000 user accounts. So far, the culprit behind the hack has drained wallets of more than $8M worth of crypto assets.
According to the Solana team, it appears only Slope wallets have been susceptible to the hacks so far.
No Bugs On Solana’s End
Solana’s security personnel claims to have identified the origin of the breach. In an update that went up on the official Solana Twitter account yesterday, the team shared findings from their investigation. They revealed that the affected wallets all have ties to Slope mobile wallet applications.
After an investigation by developers, ecosystem teams, and security auditors, it appears affected addresses were at one point created, imported, or used in Slope mobile wallet applications. 1/2
— Solana Status (@SolanaStatus) August 3, 2022
Slope is a web-based, non-custodial crypto wallet and browser extension that allows users to securely manage their assets on Solana. Notably, only hot wallets from the wallet provider suffered from the attack. Solana pointed out that Slope hardware wallets have remained secure.
The team took care to also point out that the attackers did not gain access via a flaw in the Solana code.
There is no evidence the Solana protocol or its cryptography was compromised.” the report affirmed.
Phantom Wallet, Devs Point to Slope
A statement from the Phantom wallet team also pointed to the issue stemming from Slope. The wallet provider had earlier shared that the exploit was not unique to their users. While hackers did drain some Phantom wallets, these accounts had interacted with Slope wallets at some point, said the team.
Hence, the wallet provider is inclined to believe the fault is with Slope. Regardless, they are still looking into other possible vulnerabilities that allowed the hack. For now, the team recommends that users move their assets to a new wallet with a fresh seed phrase and no connections to Slope.
A few crypto developers and crypto enthusiasts have also chimed in on Twitter. Crypto dev Foobar posted a thread discussing the seed phrase situation. Their report explained that poor coding on Slope’s end did not bring on the exploit.
Rather, the wallet providers may have been logging seed phrases on their centralized servers. Foobar ended the thread with a note to wait on Slope for confirmation. Fortunately, the team came through with a statement on the incident soon after.
How Did Slope Respond?
In their release to the slope community, the team rehashed the basic facts of the breach. They went on to state that while they do have a few theories, “nothing is yet firm.” Additionally, Slope confirmed and repeated some of the statements from Solana and Phantom.
Like Phantom, they encouraged users to create a new and unique seed phrase wallet for their assets. Slope also assured hard wallet users that their private keys have not been leaked. The wallet provider claims to be in the middle of an active investigation and audits.