While the Halborn team does not offer specific details about the vulnerability, it has already notified the companies responsible for the wallets, and they have already taken action on the matter, publishing updates on their respective websites to close these security gaps.
- Halborn warns users to keep their computers clean of viruses.
- It specifically points out wallets linked to web browsers.
- The gap exposes the seed codes of the wallets.
- The MetaMask and Phantom teams have already released patches for their wallets.
A recently published report states that there are a number of specific IT conditions under which wallets such as Brave, MetaMask and Phantom could have their security compromised, allowing attackers to steal victims’ funds.
Halborn warns about vulnerability present in crypto wallets
The report was published by the blockchain security firm Halborn, which documented several cases in which the aforementioned wallets were breached by exposing their seed codes, without the knowledge of their owners, resulting in the theft of millions of dollars from the affected individuals.
In this regard, the co-founder and CIO of Halborn, Steven Walbroehl, said that while they cannot offer more details at the moment because they notified the companies to make the necessary corrections, it is important that users are very careful and keep the equipment on which they use the respective wallets in good condition.
However, Walbroehl called on major exchanges to be very careful, as many of them have users’ funds at their disposal and are therefore a constant target for attackers looking to get their hands on them:
“Exchanges such as Coinbase or Binance often hold seed codes in escrow on behalf of customers… The impact will be greatest for those who escrow such assets… It is up to users to take this seriously, update wallets to the patched versions listed on their development teams’ websites, as well as periodically change their login passwords if they feel they may be at risk.”
Halborn's CIO indicated that they have already contacted the companies responsible for the wallets about the vulnerability, so they will keep the details secret until these problems are solved.
Some details revealed
Although there is not much information about the vulnerability, the Halborn team indicated that people and/or entities that meet the following conditions could be at risk of losing their assets:
- Users with unencrypted hard drives.
- Users who previously imported their seed codes into a web extension on a device that is in the possession of another computer, or whose security has been compromised.
- Users who viewed their seed codes on screen during the import process.
After receiving the notification from Halborn and verifying the vulnerability, the MetaMask team asked users in a statement to upgrade their browser-linked wallets to version 10.11.2 or later, as well as to take the time to enable full encryption of computer disks.
The MetaMask team also urged users to keep their computers free of security threats, and added that although they do everything possible to guarantee the security of the wallet, ultimately it will depend mainly on the user and the state of their equipment.
For its part, the Phantom team echoed the remarks made by MetaMask and invited users to implement additional mechanisms, such as linking wallets to physical hardware devices like Trezor or Ledger, which adds an additional layer of security that would keep users' funds safe.
As for Halborn, the teams of the companies contacted acknowledged the veracity of the allegations and rewarded the company with USD $50,000 for the good deed.
Version by Angel Di Matteo / DiarioBitcoin
Image from Unsplash