NEAR Protocol Reports A Breach Of Customer Wallet-Related Email And SMS Data

A Layer 1 blockchain called NEAR Protocol informed consumers that SMS and email data used as recovery options in its basic wallet service had been compromised in June. According to a recent report from NEAR, the problem was fixed before any damage was done.

Users can add recovery options, such as email addresses or phone numbers, to their crypto wallet accounts by using the wallet service provided by NEAR Protocol at wallet.near.org. Sensitive information was unintentionally made available to a third party due to a system bug.

NEAR said it was able to address the situation promptly, removing access to the data by the third party or its own personnel, so that the breach would not pose a threat to user privacy or financial security.

“The wallet team immediately remediated the situation, scrubbed all sensitive data, and identified any personnel who could have had the ability to access this data,” the team said.

A web3 security auditing company called Hacxyk, which received a $50,000 reward, discovered the flaw on June 6. But up until recently, the NEAR Protocol team had kept the details to themselves.

NEAR Protocol’s use of the analytics provider Mixpanel

The third party, according to Hacxyk, was Mixpanel, the analytics provider NEAR used. Hacxyk likened the situation to the recent Slope Wallet problem, in which wallet information was unintentionally sent to a central server. It added that, in NEAR’s case, private keys may also have been compromised.

“We believe the nature is very similar to the recent Slope wallet hack on Solana. In short, the seed phrases were unknowingly leaked to the third party Mixpanel, an analytics service, when users chose email/SMS as the seed phrase recovery method. This means users’ seed phrases are stored into Mixpanel’s server,” Hacxyk said.
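The failure mode Hacxyk describes, a seed phrase riding along in data sent to an analytics service, can be guarded against on the client before any event leaves the wallet. The following is an added example, not code from NEAR, Hacxyk or Mixpanel: the function names, the allow-list and the sample events are constructed, and it assumes seed phrases are 12 or more lowercase words of 3 to 8 letters (the BIP-39 word shape).

```javascript
// Added example: every name, the allow-list and the sample data are constructed.
// Only these property names may ever reach the analytics provider.
const ALLOWED_PROPS = new Set(["recovery_method", "step", "page_path"]);

// Longest run of consecutive tokens shaped like mnemonic words (3-8 lowercase letters).
function longestWordRun(text) {
  let run = 0, best = 0;
  for (const tok of text.split(/[^A-Za-z0-9]+/)) {
    if (/^[a-z]{3,8}$/.test(tok)) { run += 1; best = Math.max(best, run); }
    else if (tok !== "") run = 0;   // any other token breaks the run
  }
  return best;
}

// URL-decode first so a phrase hidden as word%20word%20... is still seen.
function looksLikeSeedPhrase(value) {
  let text = typeof value === "string" ? value : (JSON.stringify(value) ?? "");
  try { text = decodeURIComponent(text); } catch { /* keep raw text */ }
  return longestWordRun(text) >= 12;
}

// Fail closed: drop anything not allow-listed, and anything allow-listed
// whose value still looks like a seed phrase (e.g. a recovery URL path).
function sanitizeEvent(name, props) {
  const clean = {}, dropped = [];
  for (const [key, value] of Object.entries(props)) {
    if (!ALLOWED_PROPS.has(key) || looksLikeSeedPhrase(value)) dropped.push(key);
    else clean[key] = value;
  }
  return { name, props: clean, dropped };
}

// Constructed sample data: a made-up 12-word phrase and two made-up events.
const SAMPLE_PHRASE =
  "alpha bravo charlie delta echo foxtrot golf hotel india juliet kilo lima";
const signupEvent = sanitizeEvent("recovery_setup", {
  recovery_method: "email",
  page_path: "/create/alice.example",
  email: "alice@example.com",            // not allow-listed, dropped
});
const leakyEvent = sanitizeEvent("recovery_link_opened", {
  recovery_method: "sms",
  page_path: "/recover/alice.example/" + encodeURIComponent(SAMPLE_PHRASE),
});
console.log(signupEvent, leakyEvent);
```

The allow-list does most of the work; the word-run heuristic is a second check for secrets that end up inside a permitted field such as a page path.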

NEAR Protocol stated that, as a security measure, it no longer permits users to create accounts using email or SMS for account recovery. It also suggested that customers “rotate their keys” or add a hardware wallet, such as Ledger, if they had previously used email or SMS recovery options with their NEAR wallet.

According to Hacxyk, NEAR’s wallet account model differs slightly from Ethereum’s. A crypto account may have several keysets with various levels of access. By rotating private keys, NEAR means that users should revoke any possibly compromised keysets and add new ones in their place.

DISCLAIMER: The Information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.

Join CoinCu Telegram to keep track of news: https://t.me/coincunews

Follow CoinCu Youtube Channel | Follow CoinCu Facebook page

Annie

CoinCu News
