Slope Wallet Private Key Leak
Slope Wallet
Critical
Confirmed
August 2, 2022
Frontend Attack
$4,000,000.00
Description
Slope Wallet was sending user seed phrases unencrypted to their centralized servers, leading to a compromise of thousands of wallets.
Technical Details
The Slope mobile app was logging user seed phrases in plaintext and transmitting them to centralized servers. A breach of these servers exposed private keys that were then used to drain funds.
Wallet
Privacy
Seed Phrase
Exploit Timeline
Initial Reports
First reports of wallets being drained.
Investigation Begun
Multiple security teams began investigation.
Cause Identified
Plaintext logging of seed phrases identified as the cause.
On-Chain Details
No on-chain transaction details available.
Protection Resources
Smart Contract Security Checklist
Essential checks for contract developers
Oracle Attack Prevention Guide
Learn to prevent oracle manipulation
Emergency Response Playbook
Quick response guide for projects