Solana security researchers discover that Slope wallet provider kept user seed phrases in plain text

Security experts at Otter claim they have pinned down what may have caused the highly reported intrusion, impacting approximately 8,000 crypto wallets in the Solana ecosystem.

Otter, a Solana-focused security firm, reported on Thursday morning that the Slope wallet software transferred users’ seed phrases to a centralized server. Sentry, a corporation, provided Slope with this server.

It further stated that seed words sent to Slope’s server were saved as readable text. Because the phrases were not encrypted, anyone with access to this Sentry server might possibly access the users’ secret keys. The incident was most likely caused by an inadequate security standard, allowing hackers to obtain the seed phrases and drain cash.

Meanwhile, Slope issued a statement in which it stated that it did not have a definitive answer to the reason of the breach. “We have some hypotheses as to the nature of the breach, but nothing is yet firm,” it said.

Slope has urged all previous users to transfer cash out by generating new wallets with unique seed phrases as a security measure.

According to Otter’s on-chain investigation, hackers have stolen $4 million thus far. Previous estimates from security organizations such as Elliptic and Anchain put the total cost of the exploit at at least $5 million. The stolen monies have been discovered in four Solana wallets.