3 decisions on this page
Audit log
Every state-changing event for Slope Wallet: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.
- #1 publish by system:backfill, 2026-05-27 18:18:05Z. Score: ? → ? (no score change). Anchor: anchored
  - chain: mainnet-beta, slot 422,555,086
  - sig: x4PpwYffjpcK…GSschLqJ (explorer ↗)
  - hash: 4HQUL4X2pT3G…rXsVU9v4 (sha256 → base58)
  - verifying row… (full verify ↗)
  - canonical bytes (6497 B):
{"actor":"system:backfill","investigation_id":"cfabca4b-5d49-449c-847e-9a2e980c614c","kind":"publish","page_slug":"slope-wallet","published_at":"2026-05-27T18:18:04.996Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Slope Wallet","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://solana.com/news/8-2-2022-application-wallet-incident","type":"other","url":""},{"credibility":3,"name":"https://www.coindesk.com/business/2022/08/03/solanas-latest-6m-exploit-likely-tied-to-slope-wallet-devs-say","type":"other","url":""},{"credibility":3,"name":"https://slope-finance.medium.com/slope-wallet-sentry-vulnerability-digital-forensics-and-incident-response-report-d7a5904e5a39","type":"other","url":""},{"credibility":3,"name":"https://hackmd.io/@prastut/SJoJUzKz3","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://slope-finance.medium.com/slope-wallet-sentry-vulnerability-digital-forensics-and-incident-response-report-d7a5904e5a39","type":"other","url":""},{"credibility":3,"name":"https://www.theblock.co/post/161425/slope-wallet-provider-saved-user-seed-phrases-in-plain-text-solana-security-researchers-find","type":"other","url":""},{"credibility":3,"name":"https://ackee.xyz/blog/2022-solana-hacks-explained-slope-wallet/","type":"other","url":""},{"credibility":3,"name":"https://blog.sentry.io/2022/08/10/slope-wallet-solana-hack/","type":"other","url":""},{"credibility":3,"name":"https://cointelegraph.com/news/experts-find-private-keys-on-slope-servers-still-puzzled-over-access","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://crypto.news/slope-wallet-hacker-bridged-funds-to-tron-cashed-out-through-otcs/","type":"other","url":""},{"credibility":3,"name":"https://www.binance.com/en/feed/post/2023-10-10-slope-finance-s-4m-hack-funds-traced-in-recent-on-chain-analysis-b
y-zachxbt-1300002","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://beincrypto.com/slope-offers-solana-wallet-hackers-bounty-threatens-legal-action/","type":"other","url":""},{"credibility":3,"name":"https://slopeaction.org/","type":"other","url":""},{"credibility":3,"name":"https://slope-finance.medium.com/slope-wallet-sentry-vulnerability-digital-forensics-and-incident-response-report-d7a5904e5a39","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://crypto.news/slope-wallet-hacker-bridged-funds-to-tron-cashed-out-through-otcs/","type":"other","url":""},{"credibility":3,"name":"https://www.binance.com/en/feed/post/2023-10-10-slope-finance-s-4m-hack-funds-traced-in-recent-on-chain-analysis-by-zachxbt-1300002","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.globenewswire.com/news-release/2022/02/24/2391653/0/en/Slope-Finance-announces-the-close-an-8m-Series-A-funding-co-lead-by-Solana-Venture-and-Jump-Capital","type":"other","url":""},{"credibility":3,"name":"https://www.coindesk.com/business/2022/02/23/solana-wallet-slope-finance-raises-8m","type":"other","url":""},{"credibility":3,"name":"https://cointelegraph.com/press-releases/slope-finance-completes-8m-series-a-funding-led-by-solana-ventures","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://blog.sentry.io/2022/08/10/slope-wallet-solana-hack/","type":"other","url":""}]}],"sources_used":[],"summary":"Slope Wallet (Slope Finance) was a Solana-based mobile cryptocurrency wallet that suffered a catastrophic security breach on August 2, 2022, in which over 9,200 wallets were drained of approximately $4–8 million in assets due to the app transmitting users' unencrypted seed phrases to a third-party telemetry service (Sentry). 
The root cause was a severe security misconfiguration by Slope Finance, in which the mobile application logged plaintext private key material without proper scrubbing. No formal victim compensation was established, the team declined to publicly accept responsibility, and founder Leal Cheung subsequently launched a new project (zkME) without resolution for affected users.","timeline":[{"date":"2021-09","event":"Slope Finance launches Slope Wallet mobile application on Solana.","source":""},{"date":"2022-02-24","event":"Slope Finance closes $8 million Series A funding round co-led by Solana Ventures and Jump Capital.","source":""},{"date":"2022-08-02","event":"Attack begins at 22:37 UTC. Attacker drains 9,229 wallets over approximately 7 hours, stealing an estimated $4.1–8 million in assets.","source":""},{"date":"2022-08-03","event":"Solana developers and security researchers publicly attribute the exploit to Slope Wallet's Sentry misconfiguration. Solana Foundation confirms no protocol-level vulnerability.","source":""},{"date":"2022-08-03","event":"Slope Finance offers a 10% bounty to the attacker for return of 90% of stolen funds within 48 hours. No response from attacker.","source":""},{"date":"2022-08-04","event":"Security firm OtterSec and others confirm that Slope's app transmitted seed phrases in plaintext to centralized Sentry servers. 
The Block publishes findings.","source":""},{"date":"2022-08-10","event":"Sentry publishes its own post-mortem, clarifying that Slope Finance failed to configure available data-scrubbing settings.","source":""},{"date":"2022-08","event":"Slope Finance publishes its Digital Forensics and Incident Response (DFIR) report acknowledging the Sentry vulnerability but concluding it cannot 'conclusively explain' the full hack.","source":""},{"date":"2022-08","event":"Victims organize under slopeaction.org seeking reimbursement and a formal acknowledgment of culpability.","source":""},{"date":"2023-03","event":"ZachXBT observes hacker addresses becoming active again, laundering funds from original theft addresses on Solana.","source":""},{"date":"2023-10","event":"ZachXBT publishes on-chain analysis tracing stolen funds from Solana through Binance nested exchanges, Tornado Cash (322 ETH), SWFT bridge to TRON, and into OTC cash-out addresses.","source":""},{"date":"2023-10","event":"ZachXBT warns the public to avoid zkME, a new project allegedly founded by Slope Wallet's Leal Cheung following abandonment of Slope Finance.","source":""}]},"v":1}
  - Verify offline (run on your own machine): python -m src.verify_decision d66c8a81-346c-4bc9-8958-627f99e3c732
- #2 review by reviewer, 2026-06-15 19:30:07Z. Score: 12 → 12 (no score change). Anchor: anchored
  - reason: The Slope Wallet page is factually sound at its core — the key incident facts (date, start time, wallet count, Sentry misconfiguration mechanism, funding round details, ZachXBT's October 2023 analysis) are confirmed by primary sources. The main inaccuracies are quantitative: the attack duration ('approximately 7 hours' is in the DFIR but conflicts with Solana Foundation's '~4 hours' figure) and the loss range ($4-8M, where the upper end overstates the most authoritative figures). Two cited URLs show link rot (the Sentry post at the /2022/08/10/ path returns 404; slopeaction.org was unreachable), though the underlying facts they support are confirmed elsewhere. No disputed claims were found.
  - chain: mainnet-beta, slot 426,697,971
  - sig: 31ovMLdACkag…PxRYdL5c (explorer ↗)
  - hash: 3Av3HjSTK1mT…FqUyie6x (sha256 → base58)
  - verifying row… (full verify ↗)
  - canonical bytes (1047 B):
{"actor":"reviewer","decided_at":"2026-06-15T19:30:07.626Z","decision":"review","investigation_id":"cfabca4b-5d49-449c-847e-9a2e980c614c","new_score":12,"page_slug":"slope-wallet","prev_score":12,"reason":"The Slope Wallet page is factually sound at its core — the key incident facts (date, start time, wallet count, Sentry misconfiguration mechanism, funding round details, ZachXBT's October 2023 analysis) are confirmed by primary sources. The main inaccuracies are quantitative: the attack duration ('approximately 7 hours' is in the DFIR but conflicts with Solana Foundation's '~4 hours' figure) and the loss range ($4-8M, where the upper end overstates the most authoritative figures). Two cited URLs show link rot (the Sentry post at the /2022/08/10/ path returns 404; slopeaction.org was unreachable), though the underlying facts they support are confirmed elsewhere. No disputed claims were found.","score_delta":0,"sequence_num":2,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}
  - Verify offline (run on your own machine): python -m src.verify_decision ed49c09a-5849-4616-b56f-8e0d21545983
- #3 review approve by judge, 2026-06-15 19:30:07Z. Score: 12 → 28 (+16). Anchor: anchored
  - reason: The reviewer verified 18 claims across the summary and timeline: 12 confirmed, 4 partially supported, and 0 disputed, yielding a 0% disputed rate. Content is factually sound and supported by primary sources including the Solana Foundation incident report, Slope Finance's own DFIR report, and multiple Tier 1 outlets. The page's current score of 12 (CRITICAL) is inconsistent with the nature of the incident: the root cause was a severe security misconfiguration in Slope's own code — own-negligence, not intentional fraud. No exit scam, Ponzi structure, or criminal conviction is present. Under fraud-likelihood scoring semantics, own-negligence without criminal fraud sits in the WARNING band (20–49), not CRITICAL (0–19). The reviewer's recommended score of 28 reflects the severity of the negligence (~$4M user loss, no compensation, post-incident abandonment) while correctly distinguishing it from deliberate criminal conduct. Two instances of link rot noted in claim_findings[5] and claim_findings[17] do not affect the factual record as the underlying content is confirmed through alternate URLs and secondary sources. Score is corrected upward by +16 to align with calibration anchors.
  - chain: mainnet-beta, slot 426,697,976
  - sig: 5TjyRi3WreNY…Dr5oQTAX (explorer ↗)
  - hash: 5dnTj3pibUQ3…6rKuhyUq (sha256 → base58)
  - verifying row… (full verify ↗)
  - canonical bytes (1548 B):
{"actor":"judge","decided_at":"2026-06-15T19:30:07.626Z","decision":"review_approve","investigation_id":"cfabca4b-5d49-449c-847e-9a2e980c614c","new_score":28,"page_slug":"slope-wallet","prev_score":12,"reason":"The reviewer verified 18 claims across the summary and timeline: 12 confirmed, 4 partially supported, and 0 disputed, yielding a 0% disputed rate. Content is factually sound and supported by primary sources including the Solana Foundation incident report, Slope Finance's own DFIR report, and multiple Tier 1 outlets. The page's current score of 12 (CRITICAL) is inconsistent with the nature of the incident: the root cause was a severe security misconfiguration in Slope's own code — own-negligence, not intentional fraud. No exit scam, Ponzi structure, or criminal conviction is present. Under fraud-likelihood scoring semantics, own-negligence without criminal fraud sits in the WARNING band (20–49), not CRITICAL (0–19). The reviewer's recommended score of 28 reflects the severity of the negligence (~$4M user loss, no compensation, post-incident abandonment) while correctly distinguishing it from deliberate criminal conduct. Two instances of link rot noted in claim_findings[5] and claim_findings[17] do not affect the factual record as the underlying content is confirmed through alternate URLs and secondary sources. Score is corrected upward by +16 to align with calibration anchors.","score_delta":16,"sequence_num":3,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}
  - Verify offline (run on your own machine): python -m src.verify_decision ed48120f-61c3-43b9-9339-1d2eb87265a3
How verification works. The “Row integrity” check above is computed in your browser — your machine recomputes the SHA-256 of the canonical bytes and compares against the stored hash. No avoid.net server can fake that check. The “full verify” link goes one level deeper: your browser fetches the on-chain transaction from a Solana RPC node and confirms the same hash is in the memo. If you don’t want to trust either avoid.net or the public RPC, run the CLI verifier on your own machine: python -m src.verify_decision <event_id>.
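The row-integrity check described above can be reproduced in a few lines. This is an added example, not avoid.net's code or its `src.verify_decision` module; the function names, the sample row and the memo format (hash carried as a substring) are assumptions.

```python
import hashlib
import hmac
import json

# Base58 alphabet used by Bitcoin and Solana (no 0, O, I, l).
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def b58encode(data: bytes) -> str:
    """Base58-encode bytes; each leading 0x00 byte maps to a leading '1'."""
    n = int.from_bytes(data, "big")
    out = ""
    while n:
        n, rem = divmod(n, 58)
        out = B58[rem] + out
    pad = len(data) - len(data.lstrip(b"\x00"))
    return "1" * pad + out

def row_hash(raw: bytes) -> str:
    """SHA-256 over the canonical bytes exactly as served, then base58."""
    return b58encode(hashlib.sha256(raw).digest())

def verify_row(raw: bytes, stored_hash: str, memo=None) -> bool:
    """Row integrity; if memo text is given, also require the hash in it.
    Assumption: the memo carries the base58 hash as a substring."""
    ok = hmac.compare_digest(row_hash(raw).encode(), stored_hash.encode())
    return ok and (memo is None or stored_hash in memo)

def serialize(event: dict, ascii_only: bool = False) -> bytes:
    # Assumption: sorted keys, compact separators, raw UTF-8, which is how
    # the rows on this page look. The real serializer may differ.
    return json.dumps(event, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=ascii_only).encode("utf-8")

# Constructed sample row, not a real event from the log.
EVENT = {"v": 1, "sequence_num": 2, "page_slug": "example-page",
         "actor": "reviewer", "decision": "review", "prev_score": 12,
         "new_score": 12, "reason": "score 12 → 12, nothing disputed"}
RAW = serialize(EVENT)
STORED = row_hash(RAW)  # stands in for the hash displayed next to the row

if __name__ == "__main__":
    print("intact row:   ", verify_row(RAW, STORED))
    tampered = RAW.replace(b'"new_score":12', b'"new_score":28')
    print("edited score: ", verify_row(tampered, STORED))
    # Same JSON, different bytes: \u2192 escaping changes the digest.
    print("re-serialized:", verify_row(serialize(EVENT, True), STORED))
```

The last case is why the hash must be taken over the bytes as served: a row that is parsed and re-serialized with different escaping is semantically identical but fails the check.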