NEAR is a sharded, developer-friendly, proof-of-stake public blockchain, built by a world-class team that has built some of the world's only sharded databases at scale.
El personal de Near patched this vulnerability in early June, but disclosed more details about it in a recently published post. Analysts detail that this breach closely resembles the one that was presented a few days ago in a wallet a place where cryptocurrency users can store, send and receive digital assets. of Solana.
- Near Protocol the set of rules that define interactions on a network, usually involving consensus, transaction validation, and network participation on a blockchain. reported vulnerability patched in early June
- La vulnerabilidad permitía a terceros acceso al código semilla de los monederos
- There were no reports of possible casualties, so the error was corrected in time.
- This is similar to the breach through which funds were stolen from a wallet of Solana
Near Protocol, the project Blockchain a distributed ledger system. A sequence of blocks, or units of digital information, stored consecutively in a public database. The basis for cryptocurrencies. which is among the most recognized propositions within the ecosystem, recently revealed that there was a security the term securities refers to a fungible and tradable financial instrument that carries a type of monetary value. breach discovered and fixed last June, which could have allowed bad actors to gain access to the seed codes of users’ wallets.
According to published information on the official blog of the project y broadcast by several media outlets the team of Near received an official communication from the security firm Hacxyk, which indicated a possible breach in the retrieval option a contract giving the buyer the right, but not the obligation, to buy or sell an underlying asset or instrument at a specified strike price. via email or SMS messages to access again the Near Wallet. This feature potentially exposed users’ seed codes, which could have resulted in a major leak to third parties.
Para este caso, toda la información privada iba a parar a la plataforma de análisis Mixpanel, which could put users at risk if the latter were to fall victim to a security breach:
“This allows anyone with access to the Mixpanel access log, or the Mixpanel account an account is essentially a whose purpose is to track the financial activities of a specific asset/ owner (e.g., Near devs) to have access to everyone who clicked the link in the recovery email. A likely scenario would be [that] the Mixpanel owner’s account would be compromised.”
Near immediately solved the problem
Once you Near noted the information provided by Hacxyk, proceeded to address a place where cryptocurrency can be sent to and from, in the form of a string of letters and numbers. the security breach the same day they received the notification. They proceeded to delete all the leaked information and identified the individuals and entities that may have had access to it.
As part of these efforts, the Hacxyk received a reward for helping Near Protocol to keep users’ funds safe. However, information about the breach and the procedures for resolving the case were kept strictly secret until the security firm decided to go public in a series of tweets published this week:
Back in June, we found a bug in @NEARProtocol wallet that was almost the same as the recent Solana wallet hack. When a Near wallet user chooses “email” as the seed phrase recovery method, the seed phrase is leaked to a third party site. https://t.co/gHWhmxE3Sm pic.twitter.com/MK31xUeAeL
– Hacxyk. (@Hacxyk) August 4, 2022
Similarity with what happened to Solana
An important detail revealed by the Hacxyk with regard to the gap of Near is that this one bore some similarity to the hacking hacking is the process of using a computer to manipulate another computer or computer system in an unauthorized fashion. that was perpetrated against the purse Slope de Solana , as the latter had a similar vulnerability that allowed attackers to steal users’ private keys.
In the latter case, the breach allowed attackers to steal about $6 million in cryptocurrencies from more than 10,500 wallets. The team at Near indicó que no recibieron ningún reporte por parte de personas afectadas debido a su vulnerabilidad:
“To date, we have found no indicators of compromise related to the accidental collection of this data, nor do we have reason to believe that this data persists anywhere.”
- Some 8,000 Solana hot wallets affected in millionaire hacking
- DelNorte and NEAR Announce Strategic and Technology Partnership
- Sources indicate that NEAR Protocol is about to launch its own stablecoin a cryptocurrency with extremely low volatility, sometimes used as a means of portfolio diversification. Examples include gold-backed cryptocurrency or fiat-pegged cryptocurrency. this April.
Reporte de Angel Di Matteo / DiarioBitcoin
Imagen de Unsplash