Solflare Crypto Wallet Vulnerability - "xpass exploit"

blandy

Nice work cyclone incredible and hugely worrying that a crypto wallet provider can be so incompetent. Bad enough Atomic Wallet was using a fast hashing algo (MD5) for the IV and Key values for the AES encryption, but this is a complete failure.

oe3p32wedw

@blandy The developers of the atomic wallet are scammers themselves. There have been waves of funds disappearing from users more than once. I also have a friend who kept funds here, he kept the seed phrase only on paper and he had a generated password. The funds disappeared at the same time, as with many AW users. I heard that all this was allegedly done by Lazarus, but during the community research it turned out that this is not the first case in the history of the wallet, which the developers kept silent about.

blandy

Yes, I remember their system seeming being owned, although they denied this. Too many high value wallets were compromised, likely by themselves I'd suspect. Users need to remember that they are putting a lot of trust into the owners of these software wallets.

cyclone

@blandy Thanks! Hopefully Solflare users will transfer their crypto to a secure wallet before a threat actor exploits this in the wild.
@oe3p32wedw That is correct. The encryption function Solflare used is similar to Phantom, which is secretbox with pbkdf2-sha256 KDF. To clarify, the encryption function is secure, but the vulnerability is what Solflare did after the encryption function.

tychotithonus

Wow, amazing work!
Suggestion: add a timeline to your GitHub info page, to document your interaction with the org.

rickyc2024

Cyclone, this very much annoys me. How could you do this? I found this vulnerability and I had ALREADY reported it.

rickyc2024

This post is deleted!

cyclone

I independently found the vulnerability while reverse engineering the encryption function, wrote the solflare_pwn toolkit, and reported the vulnerability on Feb 12 to Solflare with a followup email on Feb 15. All of this with timestamps is disclosed on my post above.

This is the 2nd time rickyc2024 has publicly taken credit for my solflare_pwn toolkit and my work on this project. To once again clarify, he has nothing to do with solflare_pwn or me discovering the vulnerability.

@rickyc2024 has been banned.

# EDIT 2025/02/21
I've also banned his dup accounts below since running multiple accounts on the forum is not allowed. General Forum Rules: https://forum.hashpwn.net/post/11
@rickyc2024 banned
@rickyig2025 banned
@donotban banned
@youremail banned
@jdjwjdiw banned

blandy

I can confirm I've worked with @cyclone and also have a working C# copy of the decrypter and also the vulnerability.

Nice work @cyclone

cyclone

@blandy Thanks, great job porting this over to C#!

cyclone

New GitHub Release:
https://forum.hashpwn.net/post/434

dawp9duhn9gom

@cyclone will you create versions of these for firefox aswell?

cyclone

@dawp9duhn9gom
I can port the toolkit to Firefox if there is enough interest. However, I generally do not write tooling for Firefox due to the very low global usage only being approx 2%, while Chrome based browsers dominate the global usage at over 70%.

chpost

@cyclone, So, more than a year has passed since you reported the issue to Solflare devs. Have they fixed it? If yes, can you disclose the details of that "xpass exploit"? What was the devs failure? Wasn't it related to AI vibe coding?

cyclone

Update: Details of the Solflare “xpass” Exploit

March 13, 2026

Over the past year I have received many requests asking when I would release the full details of the Solflare xpass exploit. Today, I am publishing those details.

This post serves as an update to my original disclosure in Feb 2025 regarding a purposeful backdoor master key I discovered in the Solflare Chrome wallet extension that allows a wallet vault to be decrypted without requiring the user's wallet password.

At the time of the original report I privately disclosed this to Solflare and delayed public publication to give Solflare time to address the exploit.

---

The Core Issue

Solflare stores two critical values inside the extension's LevelDB storage:

• solflaredata – encrypted wallet vault containing the seed phrase <-- this encrypted string contains the wallet seed phrase
• solflarexpass – a key used to decrypt the vault <-- the "backdoor master key"

Because the decryption key is stored locally alongside the encrypted vault, the user's wallet password is not required to decrypt the vault and gain access to the wallet's seed phrase.

All that is required to decrypt the wallet and gain access to the seed phrase is access to the Chrome extension storage and extraction of the solflarexpass key -- something very easy for a malicious actor or stealer malware to do.

Once the vault is extracted with the key, the seed phrase can be recovered. No password cracking required.

---

Example Storage Layout

Inside the Chrome Solflare extension storage database the relevant entries appear similar to:

solflaredata: {
  "data":{
    "digest":"sha256",
    "encoding":"base64",
    "encrypted64":"..."
  }
}

solflarexpass: "<stored key>"

Using the key stored in solflarexpass, the encrypted vault (solflaredata) can be decrypted.

A screenshot of the original report is attached below.