Crypto Wallets Exposed "Mnemonic Phrase Vulnerabilities" (4 Already Fixed)

by Zen Chan, June 20th, 2022

Too Long; Didn't Read

Popular cryptocurrency wallet providers MetaMask and Phantom (Solana ecosystem) disclosed on the 16th that they have recently patched a security flaw. The vulnerability stems from a problem in JavaScript that may cause the mnemonic to be stored in memory for a period of time, allowing an attacker to obtain the mnemonic from an unencrypted hard drive, thereby controlling the victim user's encrypted assets and NFTs. Wallet providers have notified at least ten other browser and extension-based wallet providers, including MetaMask, Phantom and Brave.


Popular cryptocurrency wallet providers MetaMask and Phantom said today that they had patched a security flaw that could, in some cases, allow attackers to obtain mnemonic phrases from a hacked computer's disk, which puts many browser-extension wallets at risk of being hacked.

Popular cryptocurrency hot wallet providers MetaMask and Phantom (Solana ecosystem) disclosed on the 16th that they have recently patched a security flaw. The vulnerability stems from a problem in JavaScript that may leave the mnemonic in memory for a period of time, from where it can end up on an unencrypted hard drive; an attacker who recovers the mnemonic from that disk can take control of the victim user's crypto assets and NFTs.
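As an added illustration (not code from MetaMask, Phantom or Halborn, and not the actual fix, which the article does not describe), one defensive pattern for bounding how long a secret such as a recovery phrase stays in memory in JavaScript: keep it in a Uint8Array that is zeroed as soon as it has been used, since a plain string is immutable and lives until the garbage collector reclaims it. The SecretBuffer class, the wordCount helper and the sample phrase are assumptions constructed for this example.

```javascript
// Added example: a zeroable holder for a secret recovery phrase.
// Assumption: the caller receives the phrase as bytes where possible; the
// string constructor below exists only so the demo can run stand-alone
// (a string passed in still lingers until the engine collects it).

const enc = new TextEncoder();

class SecretBuffer {
  constructor(text) {
    this.bytes = enc.encode(text); // mutable copy of the secret
    this.wiped = false;
  }

  // Hand the bytes to a callback and wipe them afterwards, even on error,
  // so the secret never outlives the single operation that needs it.
  use(fn) {
    if (this.wiped) throw new Error('secret already wiped');
    try {
      return fn(this.bytes);
    } finally {
      this.wipe();
    }
  }

  // Overwrite every byte; this shortens the exposure window but cannot undo
  // copies the engine or the DOM may already have made.
  wipe() {
    this.bytes.fill(0);
    this.wiped = true;
  }
}

// Count space-separated words directly on the bytes (no string conversion).
function wordCount(bytes) {
  let words = 0;
  let inWord = false;
  for (const b of bytes) {
    if (b === 0x20) inWord = false;
    else if (!inWord) { inWord = true; words++; }
  }
  return words;
}

// Constructed placeholder phrase (12 lowercase words, not a real wallet's).
const SAMPLE = 'alpha bravo charlie delta echo foxtrot golf hotel india juliet kilo lima';

function demo() {
  const secret = new SecretBuffer(SAMPLE);
  const words = secret.use(wordCount);                 // validate, then wipe
  const zeroed = secret.bytes.every((v) => v === 0);   // buffer now all zeros
  return { words, zeroed, wiped: secret.wiped };
}
```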


The vulnerability was discovered in May last year by blockchain security firm Halborn, which, in addition to MetaMask and Phantom, has notified at least ten other browser and extension-based wallet providers, according to Coindesk.


UPDATE: Some Wallets Have Fixed Vulnerabilities

Halborn confirmed that wallets that have fixed the vulnerability include MetaMask, Phantom, Brave, and xDefi.


https://twitter.com/HalbornSecurity/status/1537105566224601091

Phantom announced today that they learned of the vulnerability in September 2021 and fully patched it in April this year. At the same time, they added that another critical security patch would be rolled out next week.


MetaMask said that users of its mobile applications are not affected, but a small number of users of many browser wallets, including MetaMask, face a security risk. The team released MetaMask extension version 10.11.3 in March, which fixed the bug, so this shouldn't be an issue for users on that version or newer.

Conditions for an Attack

The team further explained that there is a possibility of being attacked if the following three conditions are met:


  1. The hard disk is not encrypted.
  2. The mnemonic (secret recovery phrase) was imported on a hacked computer, or on one belonging to someone you do not trust.
  3. The "Show Mnemonic" feature was used during the import.

Final Words - Transfer Assets to New Wallet Addresses

MetaMask recommends that users consider transferring funds from these wallet accounts to ensure safety if they meet the above conditions. It also provides guidelines for migrating account funds and states that third-party migration tools must be used at your own risk.


The team further suggested that users who are concerned about their assets can consider enabling disk encryption on the system and using hardware wallets to manage assets. However, Halborn co-founder Steve Walbroehl, who received a $50,000 bounty from MetaMask for reporting the bug, told Coindesk that most users are still advised to move to a new wallet address.



Thank you for reading. May InfoSec be with you🖖.