Why Slope Wallet Hack Cannot Happen to Unido?

02 September 2022

Earlier this month one of the most damaging hacks to the Solana network happened. The users of a popular light wallet, Slope, suddenly found that their crypto assets had been moved without their consent. This came as a huge blow to the user base of Solana and added a lot of questions to the security of that blockchain.

Since then, there have been a lot of investigations by various security firms and developers trying to find out what happened. The complete story has not yet been determined, but there is enough information to have an idea of what happened.

A brief overview of events

Solana users experienced a hack that cost them around $4.5 million worth of SOL coins collectively plus other tokens which were taken from their wallets directly. The Slope wallets were compromised which led to the attackers being able to send assets without the consent of the wallet owner.

On 2nd of August, the attackers were able to find an exploit in the Slope wallet. The security breach was possible because of an oversight by Phantom, the developers of this light wallet. The Slope wallet is one of the most popular in the Solana network.

Researchers have found that the exploit was caused because the seed phrase of the wallet was sent to a central server owned by the developers. In the server, the seed phrases were stored as plain text without any encryption, meaning anyone with access to the system could read the seed phrases.

The servers seem to have been compromised and this led to seed phrases being stolen. Once the attackers had them, they were able to create transactions by recovering the wallets of different systems.

Why is a similar exploit impossible in Unido?

Unido running on a user's device does not have access to the fully constructed wallet private key. The reason for this is that a user needs to create a unique input when first making a wallet. This added piece of data is the Trade Key which functions as the wallet's password.

To authorize any transaction from a Unido wallet, the user has to enter the password and that alone creates the transaction. In the event the wallet's seed phrase is stolen, attackers are still unable to do anything with it since they won't know the Trade Key.

The Slope attack is impossible in the system used by Unido. The team is focused on creating enterprise level security that is reachable by any type of crypto user. The security of your crypto assets is the top priority of Unido and we're on track to deliver these capabilities.

About Unido EP

Unido EP takes the complexity and expense out of digital asset management for organizations with sophisticated corporate governance needs. Our patented, end-to-end platform seamlessly automates corporate governance and self-custody of crypto assets so you can securely store, manage and invest in crypto without massive overheads.

Unido EP comes with a web-based dashboard and a decentralized application (dApp) featuring a robust set of DeFi tools, easy-to-set-up authority regimes and iron-clad security. All of this is inside a complete digital asset management platform, built with financial institutions in mind but tailor-made for any organization or individual’s needs.

Learn more:






Unido EP, Unido Opinion
  • Share