Recently, millions of dollars in cryptocurrencies and tokens were stolen from 8,000 wallets connected to the Solana blockchain. Tenable advises more caution when choosing cryptocurrency applications.
Millions of dollars worth of cryptocurrencies and other tokens have been stolen from internet-connected wallets on the Solana blockchain, with assets stolen from around 8,000 wallets, mainly from Phantom and Slope mobile wallet users.
$5 million in crypto stolen
“The Solana hack that led to the theft of over $5 million was the result of a leak of seed phrases, a group of random words used to help users access or recover their cryptocurrency wallet, by creating a wallet from Slope Finance.
Users who want to interact with different blockchains usually create what are known as hot wallets, which can be easily accessed via browser extensions or mobile and desktop applications. As part of its application's logging capability, Slope Finance stored users' seed phrases in clear text in these logs, which was identified as the source of the violation. Affected are users who created wallets with Slope Wallet or imported their wallets into Slope from other wallets like Phantom.
Vulnerability: seed phrases (random words)
Anyone who owns a seed phrase or mnemonic phrase can take control of users' cryptocurrency and NFTs, which is why the conventional advice to never share your seed phrase is so prominent. However, users were not at fault in this case and storing their seed phrases in plain text led to the theft of their funds.
We highly recommend cryptocurrency enthusiasts who want to interact with different blockchains to do their own research to verify whether a project has performed third-party audits or pentests of its applications or infrastructure before people trust those applications with their funds. Additionally, users are strongly advised to consider using a cold wallet, which includes hardware wallets, paper wallets, or offline USB/CD wallets that are not as easily accessible to store their cryptocurrencies for the long term,” said Satnam Narang, senior staff research engineer at Tenable.
About Tenable
Tenable is a Cyber Exposure company. Over 24,000 companies worldwide trust Tenable to understand and reduce cyber risk. Nessus inventors have combined their vulnerability expertise in Tenable.io, delivering the industry's first platform that provides real-time visibility into and secures any asset on any computing platform. Tenable's customer base includes 53 percent of the Fortune 500, 29 percent of the Global 2000, and large government agencies.