Solana Hack：攻击者如何利用 Slope 钱包漏洞？

最近 Solana 钱包遭到黑客攻击后，攻击者利用 Slope 移动钱包应用程序中的漏洞盗取了 9,000 多个账户的 SOL 和 USDC，造成 400 万美元的损失。

How Did Solana Hackers Drain Crypto Wallets?

Solana 黑客如何耗尽加密钱包？

Following a recent attack that drained thousands of crypto wallets connected to the Solana ecosystem, questions have arisen about the security measures in place and the potential vulnerabilities that may have been exploited.

最近的一次攻击导致与 Solana 生态系统连接的数千个加密钱包被耗尽，人们对现有的安全措施和可能被利用的潜在漏洞产生了疑问。

What Happened to Solana Wallets?

Solana 钱包发生了什么？

After investigating the incident, Solana concluded that the attack targeted accounts linked to the Slope mobile wallet app. Hackers reportedly gained access to private keys and drained Solana (SOL) and USD Coin (USDC) from over 9,000 wallets, resulting in losses exceeding $4 million.

在调查该事件后，Solana 得出结论，攻击的目标是与 Slope 移动钱包应用程序关联的帐户。据报道，黑客获取了私钥，并从 9,000 多个钱包中盗取了 Solana (SOL) 和 USD Coin (USDC)，造成超过 400 万美元的损失。

Slope Finance's Role

斜坡金融的作用

Slope Finance, the developer behind the mobile wallet app, has acknowledged the breach and advised users to create new seed phrase wallets and transfer their assets. However, the company has not disclosed the exact nature of the attack.

移动钱包应用程序背后的开发商 Slope Finance 已承认此次违规行为，并建议用户创建新的助记词钱包并转移其资产。不过，该公司尚未透露此次攻击的具体性质。

Suspicions of Unencrypted Private Keys

私钥未加密的怀疑

External investigations have suggested that Slope's mobile app may have transmitted users' private keys unencrypted as part of its logging and telemetry processes. Solana's team has confirmed that private key information was inadvertently shared with the application monitoring service, but has emphasized that the Solana protocol and its cryptography remain secure.

外部调查表明，Slope 的移动应用程序可能在其日志记录和遥测过程中传输了未加密的用户私钥。 Solana 团队已确认私钥信息无意中与应用程序监控服务共享，但强调 Solana 协议及其加密技术仍然安全。

Phantom Wallets Also Affected

Phantom 钱包也受到影响

Some Solana users holding funds in third-party Phantom wallets were also impacted by the breach. Phantom has attributed the vulnerability to complications related to importing accounts to and from Slope Finance. The company recommends moving assets to a new non-Slope wallet with a fresh start phrase.

一些在第三方 Phantom 钱包中持有资金的 Solana 用户也受到了此次泄露的影响。 Phantom 将该漏洞归因于与 Slope Finance 之间导入账户相关的复杂性。该公司建议将资产转移到一个新的非 Slope 钱包，并使用新的启动短语。

Questions Linger

Questions Linger

Despite the investigations, several key questions remain unanswered. How did hackers gain access to the private keys? Were there any security vulnerabilities in the Slope app or the Solana ecosystem? What measures are being taken to prevent similar attacks in the future?

尽管进行了调查，但几个关键问题仍未得到解答。黑客如何获取私钥？ Slope 应用程序或 Solana 生态系统是否存在任何安全漏洞？正在采取哪些措施来防止未来发生类似的攻击？

Industry Implications

行业影响

The Solana breach highlights the importance of robust security measures in the cryptocurrency industry. It underscores the need for users to exercise caution when using third-party wallets and to consider hardware wallets for added protection. The incident also raises concerns about the potential risks associated with the growing adoption of web3 applications.

Solana 漏洞凸显了加密货币行业中强有力的安全措施的重要性。它强调用户在使用第三方钱包时需要谨慎行事，并考虑使用硬件钱包来提供额外的保护。该事件还引发了人们对 web3 应用程序日益普及所带来的潜在风险的担忧。

Advice for Users

给用户的建议

In light of the recent events, it is crucial for Solana users to take the following steps:

鉴于最近发生的事件，Solana 用户采取以下步骤至关重要：

• Create a new seed phrase wallet and transfer all assets to this new wallet.
• If you have used Slope Finance, consider moving your assets to a non-Slope wallet with a fresh start phrase.
• Use hardware wallets for added security.
• Monitor your accounts for any suspicious activity.

By adhering to these precautions, users can minimize their exposure to potential risks and safeguard their crypto assets.

创建一个新的助记词钱包并将所有资产转移到这个新钱包。如果您使用过 Slope Finance，请考虑将您的资产转移到带有新启动短语的非 Slope 钱包。使用硬件钱包以增加安全性。监控您的帐户是否有任何可疑活动。通过遵守这些预防措施，用户可以最大程度地减少潜在风险并保护其加密资产。