Meet #
MNEMOGATE. Exposed wallets in Cosmos-based blockchains.Recently, our joint investigation team SOLAR Labs & MightyFrog found out that there’s a relatively easy way to lose your tokens due to confusing naming of transaction parameters in Cosmos-based blockchains. Some of the users put their
mnemonics (wallet private key, in other words) into publicly visible
MEMO of transactions, which is basically acting like more a "note" for a transaction.
Our team made some efforts to take situation under control and save inattentive people's tokens:
1) First of all, we've introduced
a website to check if your wallet was exposed. We've scanned Cosmos, Persistence, CertiK, Akash & Sentinel blockchain networks and found wallets with tokens of total worth over 300,000 U.S. dollars.
Go and check if your wallet is compromised.2) We've delegated most of available tokens of such wallets to reliable validators — to make sure no one is able to withdraw them from you without your consent. For Sentinel — it's our
SOLAR Validator and
Amphibious, for other blockchains it's No. #1 validator of the network. Tokens cannot be withdrawn unless unbonded and unbonding period is long enough to take further actions and prepare to protect vulnerable wallets.
3) We're preparing pull requests for wallet apps and etc. to make sure, that MEMO parameter is changed to something less confusing and users are not submitting their mnemonics into it.
We've also introduced a hotline email to provide support to everyone, who were affected by this issue — help@wasmywalletleaked.com. Feel free to reach us if you have any questions.
Stay tuned,
Aleksandr Litreev
CEO at Solar Labs
Drink water, wash your hands and keep your mnemonic safe and secret.
