Back to Blog Home

Slope Wallet Solana Hack

Alek Amrani image

Alek Amrani -

On August 2nd, 2022, roughly 9,321 Solana wallets appear to have been drained of their cryptocurrency. While the parties investigating this attack have yet to release a root cause, there is a lot of speculation floating around, including about Sentry.

There is no indication that Sentry’s SaaS product or infrastructure was involved in this attack.

There is no indication that Sentry’s self-hosted, open source product was compromised by a vulnerability in the software.

Background

Sentry is a platform that helps every developer diagnose, fix, and optimize the performance of their code. A large part of this is accomplished using data sent from applications using a Sentry library, to the Sentry backend. This backend can either be the SaaS product, hosted at sentry.io, or self-hosted on one’s own servers using our open source project.

As with any system that accepts and stores data, it is possible to end up with sensitive information accidentally sent, stored, and/or processed. At Sentry, we work to help prevent this by setting sane defaults, client side scrubbing, server side scrubbing, and allowing for data deletion.

What we know

What We’re Doing

While we can’t completely prevent sensitive information from being sent to us, we can help prevent some of the more common cases that may result in sensitive information being sent and stored. Once disclosed, we acted immediately to prevent future instances of “privatekey” or “private_key” from being stored. Additionally, we are going to investigate other common dataforms, such as BIP39, that may be easily scrubbed from data sent to Sentry.

At this point in time, we are conducting our own investigation using Sentry’s data, as well as publicly available information, as we have not spoken to the Slope team directly. In the meantime, if there are easily identifiable and verifiable patterns which would be helpful to scrub, drop us a line in a GitHub Issue.

Share

Share on Twitter
Share on Bluesky
Share on HackerNews
Share on LinkedIn

Published

Sentry Sign Up CTA

Code breaks, fix it faster

Sign up for Sentry and monitor your application in minutes.

Try Sentry Free

Topics

Sentry

New product releases and exclusive demos

Listen to the Syntax Podcast

Of course we sponsor a developer podcast. Check it out on your favorite listening platform.

Listen To Syntax
© 2024 • Sentry is a registered Trademark of Functional Software, Inc.