Several browser plug-in wallets have security vulnerabilities, which have been fixed by MetaMask and Phantom

At least 10 browser plug-in wallets, including MetaMask and Phantom, have the potential to expose login information due to a vulnerability in the Javascript language.

 

According to CoinDesk, at least 10 browser plug-in wallets, including MetaMask and Phantom, have the potential to expose login information due to a vulnerability in the Javascript language that allows mnemonics to be stored in memory After a period of time, it can be exploited by attackers. At present, MetaMask and Phantom have fixed this vulnerability. Both sides said there was no evidence the vulnerability was ever exploited by attackers, meaning no user funds were known to have been affected.

MetaMask says that hacking occurs only if the hard drive is not encrypted, the mnemonic is imported to an untrusted device or the computer is hacked, and the “show mnemonic” function is used when importing. The possibility of guest intrusion. MetaMask and Phantom recommend that users update their browsers, among other things, to ensure that the wallets they use are running the latest software version.

Blockchain security firm Halborn was awarded a $50,000 bounty for disclosing the vulnerability and advised users to switch to a new wallet address. Halborn co-founder Steve Walbroehl said the vulnerability has been around for a long time and it is best to change the wallet address out of an abundance of caution.

Yesterday, cybersecurity firm Confiant issued a warning that a new type of copy wallet attack is affecting users of Web3 wallets such as Metamask and Coinbase Wallet. The attack, which Confiant calls Seaflower, is one of the most sophisticated of its kind. The apps cannot be detected by ordinary users because they are nearly identical to the original but have different libraries that allow hackers to steal the wallet’s help. Memorize words to get funds.

source:

  • MetaMask, Phantom and Other Browser Wallets Patch Security Vulnerability

Join T Kebang Facebook Fan Group

Similar Posts

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.