GSD-2022-1004952

Source
https://github.com/cloudsecurityalliance/gsd-database/blob/main/2022/1004xxx/GSD-2022-1004952.json
Published
2022-08-05T16:52:49.918680Z
Modified
2022-08-05T16:52:49.918680Z
Details

In Slope Wallet, the current version and possibly previous versions the logging of sensitive information (including seed phrases) exist in the wallet software. This can be attacked via access to the logging data (which is reportedly sent in clear text across the Internet) and the logging server resulting in the disclosure of information including seed phrases used to generate cryptographic keys, allowing attackers access to private wallets and stealing funds (roughly 8000 wallets have been reportedly drained at this time). Users of Slope wallet should immediately and securely generate new wallet addresses in a different wallet software and transfer their funds to the new addresses.

References

Affected packages

GSD / Wallet

Wallet

Affected ranges

Affected versions

Other

Current version and possibly previous versions