Slope Wallet

2021-09

Slope Finance launches Slope Wallet mobile application on Solana.

2022-02-24

Slope Finance closes $8 million Series A funding round co-led by Solana Ventures and Jump Capital.

2022-08-02

Attack begins at 22:37 UTC. Attacker drains 9,229 wallets over approximately 7 hours, stealing an estimated $4.1–8 million in assets.

2022-08-03

Solana developers and security researchers publicly attribute the exploit to Slope Wallet's Sentry misconfiguration. Solana Foundation confirms no protocol-level vulnerability.

2022-08-03

Slope Finance offers a 10% bounty to the attacker for return of 90% of stolen funds within 48 hours. No response from attacker.

2022-08-04

Security firm OtterSec and others confirm that Slope's app transmitted seed phrases in plaintext to centralized Sentry servers. The Block publishes findings.

2022-08-10

Sentry publishes its own post-mortem, clarifying that Slope Finance failed to configure available data-scrubbing settings.

2022-08

Slope Finance publishes its Digital Forensics and Incident Response (DFIR) report acknowledging the Sentry vulnerability but concluding it cannot 'conclusively explain' the full hack.

2022-08

Victims organize under slopeaction.org seeking reimbursement and a formal acknowledgment of culpability.

2023-03

ZachXBT observes hacker addresses becoming active again, laundering funds from original theft addresses on Solana.

2023-10

ZachXBT publishes on-chain analysis tracing stolen funds from Solana through Binance nested exchanges, Tornado Cash (322 ETH), SWFT bridge to TRON, and into OTC cash-out addresses.

2023-10

ZachXBT warns the public to avoid zkME, a new project allegedly founded by Slope Wallet's Leal Cheung following abandonment of Slope Finance.