Share on Twitter
Share on Facebook
Share on HackerNews

Slope Wallet Solana Hack

On August 2nd, 2022, roughly 9,321 Solana wallets appear to have been drained of their cryptocurrency. While the parties investigating this attack have yet to release a root cause, there is a lot of speculation floating around, including about Sentry.

There is no indication that Sentry’s SaaS product or infrastructure was involved in this attack.

There is no indication that Sentry’s self-hosted, open source product was compromised by a vulnerability in the software.

Background

Sentry is a platform that helps every developer diagnose, fix, and optimize the performance of their code. A large part of this is accomplished using data sent from applications using a Sentry library, to the Sentry backend. This backend can either be the SaaS product, hosted at sentry.io, or self-hosted on one’s own servers using our open source project.

As with any system that accepts and stores data, it is possible to end up with sensitive information accidentally sent, stored, and/or processed. At Sentry, we work to help prevent this by setting sane defaults, client side scrubbing, server side scrubbing, and allowing for data deletion.

What we know

What We’re Doing

While we can’t completely prevent sensitive information from being sent to us, we can help prevent some of the more common cases that may result in sensitive information being sent and stored. Once disclosed, we acted immediately to prevent future instances of “privatekey” or “private_key” from being stored. Additionally, we are going to investigate other common dataforms, such as BIP39, that may be easily scrubbed from data sent to Sentry.

At this point in time, we are conducting our own investigation using Sentry’s data, as well as publicly available information, as we have not spoken to the Slope team directly. In the meantime, if there are easily identifiable and verifiable patterns which would be helpful to scrub, drop us a line in a GitHub Issue.

Your code is broken. Let's Fix it.
Get Started

More from the Sentry blog

ChangelogDashboardsDiscoverDogfooding ChroniclesEcosystemError MonitoringEventsGuest PostsMoonlightingOpen SourcePerformance MonitoringRelease HealthSDK UpdatesSentry

Do you like corporate newsletters?

Neither do we. Sign up anyway.

© 2022 • Sentry is a registered Trademark
of Functional Software, Inc.