Popular cryptocurrency wallet providers MetaMask and Phantom said today that they had patched a security flaw that could, in some cases, from a hacked computer's disk, enabling many browser-based extensions of wallets are at risk of being hacked. allow attackers to obtain mnemonic phrases Previously on MetaMask: Hacked: MetaMask User Lost US$81,000 In ETH Popular cryptocurrency hot wallet providers and (Solana ecosystem) disclosed on the 16th that they have recently patched a security flaw. The vulnerability stems from a problem in Javascript that may cause the mnemonic to be stored in memory for a period of time, , thereby controlling the victim user's encrypted assets and NFTs. MetaMask Phantom allowing an attacker to obtain the mnemonic from an unencrypted hard drive The vulnerability was discovered in May last year by blockchain security firm , which, in addition to MetaMask and Phantom, has notified at least ten other browsers, and extension-based wallet providers, according to . Halborn Coindesk UPDATE: Some Wallets Have Fixed Vulnerabilities confirmed that wallets that have fixed the vulnerability include MetaMask, Phantom, Brave, and xDefi. Halborn that they learned of the vulnerability in September 2021 and fully patched it in April this year. At the same time, they added that another critical security patch would be rolled out next week. Phantom announced today said that users using mobile device applications are not affected, but a small number of users in many browser wallets, including MetaMask, will face security risks. The team released MetaMask expansion version 10.11.3 in March. Fixed the bug, so these shouldn't be an issue for users of this version and newer. MetaMask Conditions for an Attack The team further explained that there is a possibility of being attacked if the following three conditions are met: The hard disk is not encrypted. Import the annotation words into a hacked computer or someone you do not trust. Use the "Show Mnemonic" feature when importing. Final Words - Transfer Assets to New Wallet Addresses MetaMask recommends that It also provides guidelines for migrating account funds and states that third-party migration tools must be used at your own risk. users consider transferring funds from these wallet accounts to ensure safety if they meet the above conditions. The team further suggested that if users are concerned about assets being affected, they can consider However, co-founder , who received a $50,000 bounty from MetaMask for reporting the bug, Steve Walbroehl, told that enabling disk encryption on the system and using hardware wallets to manage assets. Steve Walbroehl Coindesk most users are still advised to move to a new wallet address. Further Reading: Protect Your Crypto Wallets With InfoSec - The Three-Tier Wallet System and Crypto-Hygiene Thank you for reading. May InfoSec be with you🖖.

Ethereum

Solana

Twitter

How “Predictive Text” Functionality can Reproduce Mnemonic Crypto Wallet Phrases

Protect Your Digital Identity— Level One (Mobile)

2021 - HackerNoon Contributor of the Year - CULTURE

Support Me on Coil

2021 - HackerNoon Contributor of the Year - PERSONAL-DATA

Nominated for 2022 - HackerNoon Contributor of the Year - Cybersecurity

Nominated for 2022 - HackerNoon Contributor of the Year - Security

Nominated for 2022 - HackerNoon Contributor of the Year - Privacy

Nominated for 2022 - HackerNoon Contributor of the Year - Beginners Guide

Nominated for 2022 - HackerNoon Contributor of the Year - Containers

Nominated for 2022 - HackerNoon Contributor of the Year - Data Privacy

Too Long; Didn't Read

Download free Tech Leaders Productivity Report!

Crypto Wallets Exposed "Mnemonic Phrase Vulnerabilities" (4 Already Fixed)

Crypto Wallets Exposed "Mnemonic Phrase Vulnerabilities" (4 Already Fixed)

About Author

Comments

TOPICS

THIS ARTICLE WAS FEATURED IN

Related Stories

Untitled Story

Time Bombs Inside Software: 0-Day Log4Shell is Just the Tip of The Iceberg

10 Blockchain Entrepreneurs from CIS (Commonwealth of Independent States) to Follow

What's In A (Crypto) Wallet? Hardware Wallets vs Software Wallets vs Online Wallets

Change of Guard: How Improved Security Protocols Can Lift Confidence in Crypto

Crypto Wallet Security 101

Time Bombs Inside Software: 0-Day Log4Shell is Just the Tip of The Iceberg

10 Blockchain Entrepreneurs from CIS (Commonwealth of Independent States) to Follow

What's In A (Crypto) Wallet? Hardware Wallets vs Software Wallets vs Online Wallets

Change of Guard: How Improved Security Protocols Can Lift Confidence in Crypto

Crypto Wallet Security 101

Light-Mode

Classic

Newspaper

Dark-Mode

Neon Noir

Minty

HN StartUps