Solana Hack：攻擊者如何利用 Slope 錢包漏洞？

在最近 Solana 錢包遭到駭客攻擊後，攻擊者利用 Slope 行動錢包應用程式中的漏洞盜取了 9,000 多個帳戶的 SOL 和 USDC，造成 400 萬美元的損失。

How Did Solana Hackers Drain Crypto Wallets?

Solana 駭客如何耗盡加密錢包？

Following a recent attack that drained thousands of crypto wallets connected to the Solana ecosystem, questions have arisen about the security measures in place and the potential vulnerabilities that may have been exploited.

最近的一次攻擊導致與 Solana 生態系統連接的數千個加密錢包被耗盡，人們對現有的安全措施和可能被利用的潛在漏洞產生了疑問。

What Happened to Solana Wallets?

Solana 錢包發生了什麼事？

After investigating the incident, Solana concluded that the attack targeted accounts linked to the Slope mobile wallet app. Hackers reportedly gained access to private keys and drained Solana (SOL) and USD Coin (USDC) from over 9,000 wallets, resulting in losses exceeding $4 million.

在調查事件後，Solana 得出結論，攻擊的目標是與 Slope 行動錢包應用程式關聯的帳戶。據報道，駭客取得了私鑰，並從 9,000 多個錢包中盜取了 Solana (SOL) 和 USD Coin (USDC)，造成超過 400 萬美元的損失。

Slope Finance's Role

斜坡金融的作用

Slope Finance, the developer behind the mobile wallet app, has acknowledged the breach and advised users to create new seed phrase wallets and transfer their assets. However, the company has not disclosed the exact nature of the attack.

行動錢包應用程式背後的開發商 Slope Finance 已承認此違規行為，並建議用戶創建新的助記詞錢包並轉移其資產。不過，該公司尚未透露此攻擊的具體性質。

Suspicions of Unencrypted Private Keys

私鑰未加密的懷疑

External investigations have suggested that Slope's mobile app may have transmitted users' private keys unencrypted as part of its logging and telemetry processes. Solana's team has confirmed that private key information was inadvertently shared with the application monitoring service, but has emphasized that the Solana protocol and its cryptography remain secure.

外部調查表明，Slope 的行動應用程式可能在其日誌記錄和遙測過程中傳輸了未加密的用戶私鑰。 Solana 團隊已確認私鑰資訊無意中與應用程式監控服務共享，但強調 Solana 協定及其加密技術仍然安全。

Phantom Wallets Also Affected

Phantom 錢包也受到影響

Some Solana users holding funds in third-party Phantom wallets were also impacted by the breach. Phantom has attributed the vulnerability to complications related to importing accounts to and from Slope Finance. The company recommends moving assets to a new non-Slope wallet with a fresh start phrase.

一些在第三方 Phantom 錢包中持有資金的 Solana 用戶也受到了洩漏的影響。 Phantom 將此漏洞歸因於與 Slope Finance 之間導入帳戶相關的複雜性。該公司建議將資產轉移到一個新的非 Slope 錢包，並使用新的啟動短語。

Questions Linger

疑問揮之不去

Despite the investigations, several key questions remain unanswered. How did hackers gain access to the private keys? Were there any security vulnerabilities in the Slope app or the Solana ecosystem? What measures are being taken to prevent similar attacks in the future?

儘管進行了調查，但幾個關鍵問題仍未得到解答。駭客如何取得私鑰？ Slope 應用程式或 Solana 生態系統是否存在任何安全漏洞？正在採取哪些措施來防止未來發生類似的攻擊？

Industry Implications

產業影響

The Solana breach highlights the importance of robust security measures in the cryptocurrency industry. It underscores the need for users to exercise caution when using third-party wallets and to consider hardware wallets for added protection. The incident also raises concerns about the potential risks associated with the growing adoption of web3 applications.

Solana 漏洞凸顯了加密貨幣產業中​​強而有力的安全措施的重要性。它強調用戶在使用第三方錢包時需要謹慎行事，並考慮使用硬體錢包來提供額外的保護。該事件也引發了人們對 web3 應用程式日益普及所帶來的潛在風險的擔憂。

Advice for Users

給使用者的建議

In light of the recent events, it is crucial for Solana users to take the following steps:

鑑於最近發生的事件，Solana 用戶採取以下步驟至關重要：

• Create a new seed phrase wallet and transfer all assets to this new wallet.
• If you have used Slope Finance, consider moving your assets to a non-Slope wallet with a fresh start phrase.
• Use hardware wallets for added security.
• Monitor your accounts for any suspicious activity.

By adhering to these precautions, users can minimize their exposure to potential risks and safeguard their crypto assets.

建立一個新的助記詞錢包並將所有資產轉移到這個新錢包。如果您使用過Slope Finance，請考慮將您的資產轉移到帶有新啟動短語的非Slope 錢包。使用硬體錢包以增加安全性.監控您的帳戶是否有任何可疑活動。遵守這些預防措施，用戶可以最大程度地減少潛在風險並保護其加密資產。