Slope wallet provider saved user seed phrases in plain text, Solana security researchers find

Quick Take

  • Security firm Otter reported that Slope’s wallet app allegedly sent out users’ seed phrases to a centralized server.
  • It added that seed phrases passed to Slope’s server were saved in the form of readable text.

Security researchers at Otter claim they have pinned down what may have caused the widely publicized breach targeting nearly 8,000 crypto wallets in the Solana ecosystem.

On Thursday morning, Otter, a security firm focused on Solana, reported that Slope’s wallet app allegedly sent out users’ seed phrases to a centralized server. Slope hired this server from a company called Sentry.

It added that seed phrases allegedly passed to Slope’s server were saved in the form of readable text. Since the phrases were not encrypted, anybody with access to this specific Sentry server could potentially access users’ private keys. The low security standard likely led to the breach, giving hackers the ability to acquire the seed phrases and drain funds, Otter claimed.
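An added example, not from the article and not Slope's or Otter's code: a client-side scrubber that redacts seed-phrase-shaped values from a telemetry event before it leaves the device, written in the shape of the `before_send(event, hint)` callback that Sentry SDKs accept. The event layout, the key-name list and the heuristic (12 or more consecutive words of 3 to 8 letters, the length range of the BIP-39 English word list) are assumptions; the sample phrase is the public BIP-39 test vector.

```python
import re

# BIP-39 English words are 3-8 letters; valid phrases are 12-24 words long.
WORD = r"[a-z]{3,8}"
WORD_RE = re.compile(WORD, re.IGNORECASE)
# Any run of 12+ such words is redacted whole (fail closed, no wordlist needed).
MNEMONIC_RUN = re.compile(
    rf"(?<![A-Za-z])(?:{WORD}\s+){{11,}}{WORD}(?![A-Za-z])", re.IGNORECASE
)
# Assumed key-name fragments that mark a value as secret regardless of shape.
SENSITIVE_KEYS = ("mnemonic", "seed", "secret", "private_key", "privatekey")
REDACTED = "[REDACTED: possible seed phrase]"


def scrub(value, key=""):
    """Return a redacted copy of an event value; the input is not mutated."""
    if any(frag in key.lower() for frag in SENSITIVE_KEYS):
        return REDACTED
    if isinstance(value, dict):
        return {k: scrub(v, str(k)) for k, v in value.items()}
    if isinstance(value, (list, tuple)):
        # A phrase stored as a list of words would slip past the string regex.
        if len(value) >= 12 and all(
            isinstance(v, str) and WORD_RE.fullmatch(v) for v in value
        ):
            return REDACTED
        return [scrub(v, key) for v in value]
    if isinstance(value, str):
        return MNEMONIC_RUN.sub(REDACTED, value)
    return value


def before_send(event, hint=None):
    """Hook shape used by Sentry SDKs: return the event to send, or None to drop."""
    return scrub(event)


# Constructed sample event using the public BIP-39 test vector, not a real wallet.
TEST_MNEMONIC = " ".join(["abandon"] * 11 + ["about"])
SAMPLE_EVENT = {
    "message": "wallet import failed",
    "extra": {
        "input": f"import error for phrase: {TEST_MNEMONIC}",
        "wallet_seed": TEST_MNEMONIC,
        "words": TEST_MNEMONIC.split(),
    },
    "breadcrumbs": [{"message": "user tapped import"}],
}
```

A scrubber like this is a second line of defense: the primary control is that wallet code never passes key material to logging or error-reporting calls in the first place.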

“We have independently confirmed that Slope’s mobile app sends off mnemonics via TLS [Transport Layer Security] to their centralized Sentry server,” Otter researchers wrote in a tweet.

The Otter team told The Block they are still uncertain if this explains all the hacked addresses, but confirmed that at least a subset of them were allegedly present on Slope's server.

Meanwhile, Slope has made a statement saying it didn’t have a firm answer to the cause of the breach. “We have some hypotheses as to the nature of the breach, but nothing is yet firm,” it said.

Slope did not immediately respond to The Block's request for comment.

As a security measure, Slope has advised all of its past users to transfer funds out by creating other wallets with unique seed phrases.

Otter’s on-chain analysis has estimated that, so far, $4 million has been stolen by hackers. Previous estimates from security firms such as Elliptic and Anchain had put the exploit sum at a minimum of $5 million. The stolen funds can be found sitting in four Solana wallets.

Update: The article was updated with the latest comment from Otter.


© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

About Author

Vishal Chawla is The Block’s crypto ecosystems editor and has spent over six years covering tech protocols, cybersecurity, artificial intelligence and cloud computing. Vishal likes to delve deep into blockchain intricacies to ensure readers are well-informed about the continuously evolving crypto landscape. He is also a staunch advocate for rigorous security practices in the space. Before joining The Block, Vishal held positions at IDG ComputerWorld, CIO, and Crypto Briefing. He can be reached on Twitter at @vishal4c.