Popular crypto wallets such as MetaMask and Phantom have been plagued by a significant vulnerability in their browser extension software for months, according to research revealed on Wednesday by cybersecurity firm Holborn.
Hackers were able to get their hands on wallet recovery seed phrases saved on computer CDs, putting users’ money at risk. Users’ cash are at risk due to the vulnerability, which dates back to September 2021 and has previously been fixed. However, no exploits connected to the problem have yet been discovered.
According to Halborn’s investigation, the seed phrases provided by wallet providers were stored in plain text on customers’ PCs as part of the “Restore Session” feature. This means that bad actors could gain access by software or physical means. They worked with wallet providers to patch their wallets against the vulnerability, according to Halborn.
MetaMask, the most popular Web3 Ethereum wallet
The serious security hole only affected a “small minority of users” and that the vast majority of users were unaffected. According to the MetaMask blog, there may be a “situation where user keys are recovered unencrypted on disc in unexpected edge cases.” It’s also supplied mitigations for the most recent version of its browser extension.
Meanwhile, three months after Halborn first discovered the problem, Phantom, the most popular web3 wallet on the Solana blockchain, stated that it began distributing cures in January. Phantom also mentioned that a new comprehensive fix would be deployed the following week.
DISCLAIMER: The Information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.
Join CoinCu Telegram to keep track of news: https://t.me/coincunews