Numerous prominent browser extension wallets, including Ethereum (ETH) wallet MetaMask, Solana (SOL)‘s Phantom, Brave, and mix-chain wallet extension XDefi, have patched a “critical vulnerability” that may have uncovered sensitive login credentials if specific conditions were met.
The wallet providers claim the vulnerability is not exploited by bad attackers, meaning no user funds were stolen by using this vector of attack.
Inside a blog publish, MetaMask detailed the issue didn’t impact MetaMask Mobile users and just affected “a little segment of MetaMask Extension users in addition to users of other browser/extension wallets.”
The most popular Ethereum wallet stated they have since implemented updates to resolve the problem, claiming that it doesn’t affect people that use the MetaMask Extension versions 10.11.3 and then. MetaMask added that users be concerned only when the following the weather is met:
- their hard disk wasn’t encrypted
- they imported their Secret Recovery Phrase right into a MetaMask extension on the device that’s owning someone they don’t trust, or their computer is compromised
- they used the “Show Secret Recovery Phrase” checkbox to see their Secret Recovery Phrase on-screen throughout the import process.
“If your pc isn’t physically secure from people you don’t trust, we advise you enable full disk file encryption in your system,” MetaMask stated. “Additionally, you aren’t impacted by this in case your money is managed with a hardware wallet.”
Solana’s Phantom, a self-custodial wallet for decentralized finance (DeFi), also confirmed these were impacted by the problem, saying these were first notified concerning the vulnerability in September 2021.
“After a little analysis as well as an official audit, fixes started moving in The month of january 2022 by April, Phantom users grew to become protected against this critical vulnerability,” Phantom claimed, adding that they’ll release “a much more exhaustive patch” in a few days.
The safety vulnerability is discovered and reported to any or all affected wallet browsers by blockchain security firm Halborn. “We disclosed a vital vulnerability affecting MetaMask, Phantom, Brave, and XDefi, along with other browser based crypto wallets,” the organization stated inside a Twitter thread.
Halborn stated they found the “Demonic” vulnerability in May 2021 and provided help all affected browsers with the aid of MetaMask.
The blockchain company has additionally received a USD 50,000 bounty from MetaMask for that discovery, which “was the biggest security-related payout that MetaMask had available at that time,” Halborn stated.
The incident is an additional indication that internet-connected hot wallets are susceptible to security vulnerabilities. Users can consider hardware wallets for much better security.
____
Find out more:
– MetaMask Aims to assist Crypto Scam & Phishing Victims File Suit Fraudsters
– MetaMask Issues Warning About Phishing Attacks Via iCloud Following a User Lost USD 650K
– Privacy-Focused Brave Browser Aims to ‘Cut Out’ Google With De-AMP
– As Opera Challenges Brave Browser with Push Further into Crypto, How Can They Compare?
– Here’s The Best Way To Safeguard Yourself Against Phishing as Trezor is Attacked
– Crypto Peace of mind in 2022: Get ready for More DeFi Hacks, Exchange Outages, and Noob Mistakes
