The “Demonic” vulnerability, present in browser wallets, exposed users’ secret recovery phrases by recording them as unencrypted text on hard drives.
- MetaMask and Phantom fixed the critical vulnerability.
- The vulnerability exposed the secret recovery phrases.
- Brave and xDefi also confirmed that they have applied patches.
Cryptocurrency wallets MetaMask and Phantom reported that they have implemented fixes for a crucial vulnerability that put the integrity of their users’ funds at risk.
The team from the cybersecurity firm Halborn revealed a flaw present in browser cryptocurrency wallets, including some of the most popular ones such as MetaMask, Phantom, Brave and xDefi. According to the report, the vulnerability exposed users’ secret recovery phrases, opening a window for malicious actors to steal cryptocurrencies stored in those wallets.
Dubbed “Demonic”, the vulnerability caused browser-extension wallets to save the contents of all non-password input fields, including so-called mnemonic keys or secret recovery phrases, as unencrypted text on users’ disks, the firm explained. This meant the phrases could potentially be accessed by hackers through malware or physical access.
Halborn also detailed that the security flaw dates back to September 2021, and that it has been working with wallet providers since then to implement patches.
MetaMask and Phantom patch their wallets
In a blog post on Wednesday, the team behind the Solana wallet Phantom confirmed that the cybersecurity firm had alerted them to the flaw in September 2021. Phantom began deploying patches for the vulnerability in January and said that, as of April, all of its users were protected from the vulnerability.
1/ As of April 2022, Phantom users are protected from the “Demonic” critical vulnerability in crypto browser extensions.
— Phantom (@phantom) June 15, 2022
Phantom added Wednesday that it expects to release a new update next week to further strengthen its security. The Ethereum wallet MetaMask also reported to its users that it had deployed a patch that modifies the recovery phrase input process to “one field per word”.
According to MetaMask, users who have upgraded to version 10.11.3, which was released in March, are not at risk from the vulnerability. Nor are those using the mobile version affected by the flaw, the vendor added. However, it advised that anyone who may have been using an older version of the browser extension with an unencrypted hard drive, and who has imported their secret recovery phrase, should consider migrating to a new wallet.
Halborn, for its part, indicated that Brave and xDefi have also implemented fixes to address the vulnerability. Reports suggest that, so far, there have been no reported hacking attacks that may be related to the vulnerability.
Article by Hannah Estefania Perez / DiarioBitcoin
Image from Unsplash