Internet Security

Solana and Slope Confirm Wallet Security Breach

Key Takeaways Solana has confirmed that addresses affected by today’s security breach were created or used within the Slope wallet. Slope also published an official statement on the situation, noting that it will provide a full postmortem in the future. Full details of the attack are still under investigation. Share this article URL Copied The…

Key Takeaways

  • Solana has confirmed that addresses affected by today’s security breach were created or used within the Slope wallet.
  • Slope also published an official statement on the situation, noting that it will provide a full postmortem in the future.
  • Full details of the attack are still under investigation.

Share this article

The Solana Foundation and Slope have provided additional information on a security breach that affected thousands of wallets today.

Solana Confirms Wallet Breach

The Solana Foundation has published new details about today’s attack.

Earlier, nearly 8,000 addresses were drained through what was believed to be a breach of the third-party wallet app Slope.

This afternoon, the Solana Foundation confirmed on the Solana Status Twitter account that the addresses affected by the attack “were at one point created, imported, or used in Slope mobile wallet applications.”

It added that private key information was accidentally transmitted to an application monitoring service. It said that further details “are still under investigation.”

The attack only affected Slope’s downloadable wallet app; Slope hardware wallets are still secure. Though thousands of wallets were drained, the Solana Foundation added that the Solana protocol itself remains secure.

Slope also commented on the situation. It said that a “cohort” of Slope wallets were compromised and confirmed that several of its own staff wallets were drained.

Slope said that it had not confirmed the nature of the attack. “We have some hypotheses as to the nature of the breach, but nothing is yet firm,” Slope said in its official statement. It committed to publishing a full post-mortem in the future.

The company also suggested that users take action to secure their funds. It advised users to create a new seed phrase and wallet and transfer their funds to that wallet.

Both companies say that they are performing internal investigations and working with external auditors.

Various other individuals within the Solana ecosystem provided information and speculated on the attack earlier today.

At least two other projects in the Solana ecosystem have been hacked this year. Cashio was hacked for $28 million in March, while Wormhole was hacked for $322 million in February.

Disclosure: At the time of writing, the author of this piece owned BTC, ETH, and other cryptocurrencies.

Share this article

Read More

Be the first to write a comment.

Leave a Reply

Internet Security

Thai SEC Forbids Local Crypto Firms From Offering Staking and Lending Services

By enforcing the ban, Thailand’s SEC wants to ensure maximum security for local cryptocurrency participants…

By enforcing the ban, Thailand’s SEC wants to ensure maximum security for local cryptocurrency participants…
Read More

Continue Reading
Internet Security

Whistleblower details foreign agents placed at Twitter, lack of data safeguards

Peiter Zatko, the former Twitter security chief who turned whistleblower, told the Senate Judiciary Committee on Tuesday that the social media company’s security practices were so weak that foreign governments were able to place agents on the company’s payroll. Zatko also told lawmakers that U.S. regulators are unable to police tech companies…

Peiter Zatko, the former Twitter security chief who turned whistleblower, told the Senate Judiciary Committee on Tuesday that the social media company’s security practices were so weak that foreign governments were able to place agents on the company’s payroll. Zatko also told lawmakers that U.S. regulators are unable to police tech companies…
Read More

Continue Reading
Internet Security

What is PAX Gold (PAXG) and how does it work?

PAX Gold is a cryptocurrency and gold hybrid that bridges the gap between the two investment options. It offers the security and stability of cryptocurrencies…

PAX Gold is a cryptocurrency and gold hybrid that bridges the gap between the two investment options. It offers the security and stability of cryptocurrencies…
Read More

Continue Reading
Internet Security

Tornado Cash Dev Alexey Pertsev May Have Ties to Russian FSB

Key Takeaways Alexey Pertsev, a developer for Tornado Cash, reportedly worked for Digital Security OOO in 2017. That company was sanctioned by the U.S. Treasury for supporting Russia’s Federal Security Service (FSB). Pertsev’s wife, Ksenia Malik, has denied that husband was involved with any Russian intelligence agency. Share this article URL Copied Alexey Pertsev, a…

Key Takeaways

  • Alexey Pertsev, a developer for Tornado Cash, reportedly worked for Digital Security OOO in 2017.
  • That company was sanctioned by the U.S. Treasury for supporting Russia’s Federal Security Service (FSB).
  • Pertsev’s wife, Ksenia Malik, has denied that husband was involved with any Russian intelligence agency.

Share this article

Alexey Pertsev, a developer arrested for his work on Tornado Cash, may have past ties to the Russian Federation’s central intelligence apparatus.

Pertsev Worked for Russian Security Firm

Alexey Pertsev likely worked for a Russian security company with ties to state intelligence agencies prior to his contributions to Tornado Cash.

According to the intelligence firm Kharon, Pertsev worked for the Russia-based Digital Security OOO in 2017. The U.S. Treasury sanctioned the firm in 2018, alleging that it had supported Russia’s Federal Security Service (FSB) since 2015.

Pertsev was not among the five entities and three individuals named by the Treasury in its statement. Instead, Kharon says it discovered Pertsev’s name in an archive of Digital Security OOO’s website.

Though Digital Security OOO may not have solely worked for the FSB, Pertsev’s involvement with the firm appears to be fairly in-depth. In a statement to Fortune, Kharon’s VP of research Nick Grothaus said that Pertsev was “working for Digital Security OOO and doing [penetration] testing himself” before the U.S. Treasury sanctioned the company for aiding the FSB.

Kharon also noted that Tornado Cash’s code was partially developed by PepperSec, a Delaware-based company where Pertsev was founder and CEO. However, it did not draw any direct link between PepperSEC and Digital Security OOO, nor did it link PepperSec to Russian intelligence agencies.

Pertsev’s wife, Ksenia Malik, has denied that Pertsev had any connections to Russian intelligence agencies. She told CoinDesk that Pertsev has “never been associated with the FSB in Russia or with similar organizations.” She did not comment on Pertsev’s alleged involvement with Digital Security OOO.

Malik added that she and her husband originally “moved to the Netherlands in the hope of a quiet, stable, and free life, which is unimaginable in military Russia.”

The Ethereum coin mixer Tornado Cash was sanctioned by the U.S. Treasury’s Office of Foreign Assets Control on August 8. Pertsev was arrested by Dutch authorities days later.

Disclosure: At the time of writing, the author of this piece owned BTC, ETH, and other cryptocurrencies.

Share this article

Read More

Continue Reading