April 24, 2024

MetaMask and Phantom, popular cryptowallets suffered for months from a critical vulnerability in their browser extension plugins.

The vulnerability, dating back to September 2021 and now fixed, put users’ funds at risk as it made it possible for hackers to extract wallet recovery seed phrases stored on computer disks.

Advertisements

No exploits have yet been reported that could be tied to the vulnerability.

Researchers says, the seed phrases generated by wallet providers were being saved on users’ computers in plain text as part of the Restore Session feature. This meant malicious actors could gain entry using malware or physical access.

MetaMask, the most popular web3 wallet on Ethereum, clarified that the critical security issue affected only a “small segment of users” and that the vast majority of users were not at high risk. The MetaMask team added that it already issued mitigations against the vulnerability in its latest update of the wallet’s browser extension.

Advertisements

Phantom, the most-used web3 wallet on the Solana blockchain, said it began issuing fixes in January, three months after the vulnerability was initially flagged by researchers. Phantom plans on rolling out another exhaustive patch next week.

Researchers from Halborn, conducted the research.

Tags:

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

You may have missed

Google Fixes Critical Vulnerability in Chrome -CVE-2024-4058

April 24, 2024

Red Ransomware Victimized Targus

April 23, 2024

Oracle Virtual Box Vulnerability PoC Released – CVE-2024-21111

April 22, 2024

CrushFTP Zeroday Vulnerability Exploited in Wild attack

April 21, 2024

TheCyberThrone Security Week In Review – April 20, 2024

April 21, 2024

MITRE Breached Exploiting Ivanti Zeroday

April 20, 2024

Discover more from TheCyberThrone

Subscribe now to keep reading and get access to the full archive.

Continue reading