[TL;DR]
Slope finance created Slope Wallet to enable a better cross-blockchain user experience. Slope wallet is versatile in providing access to DeFi assets, several NFT platforms, and Dapp exchanges for Solana, Ethereum, and Binance Smart Chain.Despite its stringent security technologies, slope wallet was recently hacked with cryptocurrency stolen from users. Slope finance founder explains the vulnerability of the wallet. Presently, the vulnerability has been addressed, and users are assured of security.
What Is The Slope Wallet And Why Does Slope Have The Vulnerability
Solana, a blockchain built to support smart contracts, has been preferably stored by users in the Slope Wallet ever since the wallet's debut. Recently, the wallet was hacked, and thousands of Solana users had their crypto stolen. According to findings, the number of wallets drained ranged from 8,000-9,000, of about $5 million - $8 million worth of Solana. The Solana Foundation has traced the genesis of the losses back to certain activities carried out in the Slope wallet application.
What Is The Slope Wallet?
Slope wallet is a web3 wallet designed for Solana by Slope Finance. Apart from sending and receiving assets, it can be used for other cross-blockchain transactions for Solana, Ethereum, and Binance Smart Chain. It also provides access for DeFi uses and NFT collectables.
When the wallet was launched, the team lauded its functionalities, such as the capacity to swap Solana Program Library tokens and the distribution of random NFTs to users through gamification, leading to increased community engagement and user retention. The Wallet was launched on June 23rd 2021, before 13,000 hackers. Even with the nimbleness of its engineers, a breach of its ecosystem still occurred, leading to millions of losses of Solana coins.
Advantages and Disadvantages of Slope Wallet
The advantage of the slope wallet lies in the easy interaction for users across web3. With one wallet, slope finance tapped into the power of the multi-chain to bridge cryptocurrency communities and ecosystems. According to Newsfile, the Slope finance team took rigorous steps to ensure that users' seed phrases and private keys are secure from vulnerability. Yet, a disadvantage that has become apparent is that its technologies are not secure enough. How the Slope Vulnerability OccurredSeveral explanations have been provided for the unfortunate occurrence. Notable amongst them is Anatoly Yakovenko, co-founder of Solana, who linked the hack to Slope wallet via a tweet. The Solana Foundation investigation also revealed that the private keys of Slope's wallet were compromised after they were disseminated to Slope's application. According to their Tweet last week Wednesday, all the affected addresses were either "created, imported, or used in Slope mobile wallet applications".
According to Austin Fedora, Head of Communication, Solana, 60% of the victims of the hack were Phantom users. However, they did not generate a seed phrase using Phantom. Also, he said that the hack was only traceable to hot wallets. In addition, no information suggests that Solana Protocol is at risk, thereby laying all the blame at Slope's feet.
Although Slope Finance acknowledges the
wallet's vulnerability, Slope Finance has refused to co-sign hacking claims. They opine that there is no conclusive evidence to support vulnerability. According to their audit carried out by independent contractors, a greater number of wallets were found to be hacked than exploited. This raises the question of whether there is still another attack unaccounted for in the wallet's ecosystem. Nevertheless, Slope promises to fish out the attacker, recover stolen tokens, and bring users back to the
status quo.
In addition to other means of recovering the stolen funds, Slope has offered the hackers a 10%
bounty for a safe return of the stolen funds to a defined wallet address.
Proposed recommendation against future occurrences
To forestall future occurrences, Yakonevo advised users to regenerate seed phrases from other wallet services separate from Slope. He also proffered the practice of maintaining "cold/hot wallet separation". The slope team, on the other hand, urged users to generate a new seed phrase and transfer all funds from old wallets into new wallets.
Conclusion
Recent news confirms that the Slope Finance team has taken care of the vulnerability. According to them, with the help of investigative partners, there were no additional vulnerabilities found on the platform. Declaring that the Slope Wallet is now safe for use, they assured the public that regular audits and security checks would be carried out to prevent similar losses. Also, apologies were tendered.
Author: Gate.io Observer:
M. Olatunji
Disclaimer:
* This article represents only the views of the observers and does not constitute any investment suggestions.
* Gate.io reserves all rights to this article. Reposting of the article will be permitted provided Gate.io is referenced. In all other cases, legal action will be taken due to copyright infringement.