Slope: Deleted server-side logs after discovery of bug, 1444 stolen wallets may be traced back to this bug
According to BlockBeats, on August 4, Solana ecowallet Slope said it had deleted server-side logs after discovering a vulnerability caused by a centralized Sentry server. Currently, 1,444 of the 9,223 wallets affected (15%) could be traced back to this bug. Slope is working with its audit partners and the Solana Foundation to identify any potential additional attack vectors and has notified the appropriate law enforcement agencies in order to conduct criminal investigations against the attackers.
Blockchain security agency OtterSec previously posted on social media that "over $4 million in assets were stolen from Solana wallets over the past two days, and it has been confirmed that Slope mobile app sends mnemonics to its centralized Sentry server via TLS, These mnemonics are then stored in clear text, which means that anyone with access to Sentry can access the user's private key. About 1400 of these addresses were present in Sentry in this attack, though this is not all of the addresses stolen. We are still investigating possible other mediums. In addition, over 5,300 private keys that were not included in the vulnerability were found in the Sentry instance, of which 2,358 addresses have tokens. Slope users are advised to transfer funds as soon as possible."
Original link