
Solana hack | Comment from Satnam Narang, Sr. Staff Research Engineer, Tenable
The Solana hack that led to the theft of over $5 million dollars was the result of a leak of seed phrases (or mnemonic phrases), a group of random words that are used to help users access or recover their cryptocurrency wallet, by a wallet made by Slope Finance.
Users that want to interact with various blockchains typically create what are called hot wallets, which can be easily accessed through browser extensions or mobile and desktop applications. As part of its application’s logging functionality, Slope Finance stored users’ seed phrases in plaintext within these logs, which has been determined to be the source of the breach. Users that created wallets using Slope Wallet or imported their wallets into Slope from other wallets like Phantom, have been affected.
Anyone that possesses a seed phrase or mnemonic phrase can assume control of users’ cryptocurrency and NFTs, which is why conventional advice to never share your seed phrase is so prominent. Unfortunately in this instance, users weren’t at fault and the plaintext storage of their seed phrases is what led to the theft of their funds.
For cryptocurrency enthusiasts looking to interact with various blockchains, we strongly advise doing your own research to verify if a project has conducted any third-party audits or pentesting of their applications or infrastructure before trusting your funds to these applications. Additionally, users are strongly encouraged to consider using a cold wallet, which includes hardware wallets, paper wallets, or offline USB/CD wallets that are not as easily accessible, to store their cryptocurrencies for the long term. – Satnam Narang, Sr. Staff Research Engineer, Tenable
More Stories
Almond announces the acquisition of Amossys and strengthens its position in cyber-security
Sèvres, 1st February 2023 – Almond, a leading independent French company providing audit and consultancy services in the field of...
ConsenSys Launches MetaMask Learn — The Next Step in Democratizing Web3
New York, NY, January 31, 2023 — Today, ConsenSys, a market-leading blockchain technology company, announced its newest initiative, MetaMask Learn....
Data Privacy Quote: Balaji Rao, Area Vice President, India & SAARC, Commvault
Data privacy has always been a hot topic, but in today’s world of data sprawl, data security threats, and increasing...
Data Privacy Day 2023: Top 3 Benefits of Zero Trust Shaping India’s Cybersecure Future
Undoubtedly, data is one of the most valuable resources of the 21st century. It has quickly become an important driving...
Hive ransomware gang brought down
“The actions undertaken by U.S. agencies to disrupt the Hive ransomware group operation from within is an unprecedented step in...
Tally Solutions to strengthen its technology and product team by 60% over the next 3 years
Mumbai, January 27, 2023: Tally Solutions, a pioneer in the software products industry delivering business management software for small and...
Average Rating