The app’s developers said that auditors found no “convincing evidence” linking the Slope wallet vulnerability to the million-dollar Solana address hack.

Slope update — August 11, 2022https://t.co/ZLunzRIZcS

— Slope (@slope_finance) 11 August 2022

On August 3, anonymous individuals gained access to more than 9,000 network-based wallets. Preliminary estimates of damage to users reached $8 million.

During the investigation of the incident, the Solana team concluded that the addresses affected by the attack were “created, imported or used in Slope mobile apps at some point.”

Representatives of the Phantom project, whose users were among the victims of the attack, also announced the connection of the exploit with Slope.

The Wallet team, along with auditors OtterSec and SlowMist, and cybercrime firm TRM, launched their own investigations.

“Verifiers have gained access to all databases and data channels, server logs and application source code,” the statement said.

While the auditors’ work is not yet complete, the team shared with the community the most important findings in their view:

• From July 28 to August 3, a vulnerability was discovered in the implementation of the in-app error reporting service in Sentry’s Slope mobile wallets. The bug unintentionally logged sensitive data when generating notifications.
• There is no evidence that all levels of security (for example, transmission or storage of information) are compromised. Communication with the Sentry server is end-to-end encrypted using the HTTPS protocol, and access is controlled by three-factor authentication.
• The number of hacked addresses (9232 in total) exceeds the number transmitted over the channel with Sentry. The last 1444 have been removed from the server.

“Although auditors did not have conclusive evidence linking the Slope vulnerability to an exploit, its presence put many assets at risk. This is far from the security standard we are trying to establish and maintain,” he said.

According to them, no additional errors were found during the investigation, so the latest version of the wallet is safe.

The Slope team made sure they would continue to monitor the hacker to return the stolen assets.

Recall that in early August, smart contract examiners from Hackxyk discovered a vulnerability similar to the one identified in Slope in the NEAR Wallet wallet.

Read ForkLog bitcoin news in our Telegram – cryptocurrency news, courses and analysis.