MetaMask, Phantom, Brave, and XDefi Wallets Patch ‘Demonic Critical Vulnerability’ Before an Attack

 

A number of prominent browser extension wallets, including Ethereum (ETH) wallet MetaMask, Solana (SOL)‘s Phantom, Brave, and cross-chain wallet extension XDefi, have patched a “critical vulnerability” that could have exposed sensitive login credentials if specific conditions were met.

The wallet providers claim the vulnerability has not been exploited by bad attackers, meaning no user funds were stolen using this vector of attack.

In a blog post, MetaMask detailed that the issue did not impact MetaMask Mobile users and only affected “a small segment of MetaMask Extension users as well as users of other browser/extension wallets.”

The popular Ethereum wallet said that they have since implemented updates to solve the issue, claiming that it does not affect users of the MetaMask Extension versions 10.11.3 and later. MetaMask added that users need to worry only if all of the following conditions are met:

• their hard drive was not encrypted;
• they imported their Secret Recovery Phrase into a MetaMask extension on a device that is in possession of someone they do not trust, or their computer is compromised;
• they used the “Show Secret Recovery Phrase” checkbox to view their Secret Recovery Phrase on-screen during the import process.

“If your computer is not physically secure from people you do not trust, we recommend you enable full disk encryption on your system,” MetaMask said. “Additionally, you are not affected by this if your funds are managed by a hardware wallet.”

Solana’s Phantom, a self-custodial wallet for decentralized finance (DeFi), also confirmed they were affected by the issue, saying they were first notified about the vulnerability in September 2021.

“After some investigation and an official audit, fixes began rolling out in January 2022 and by April, Phantom users became protected from this critical vulnerability,” Phantom claimed, adding that they will release “an even more exhaustive patch” next week.

3/ With this vulnerability, users who imported their wallet with a secret recovery phrase were at risk if a sufficiently advanced attacker gained control of their device.

We are proud of the collaborative effort among many partners that helped keep the crypto community safe.

— Phantom (@phantom) June 15, 2022

The security vulnerability was discovered and reported to all affected wallet browsers by blockchain security firm Halborn. “We disclosed a critical vulnerability affecting MetaMask, Phantom, Brave, and XDefi, and other browser based crypto wallets,” the company said in a Twitter thread.

Halborn said they discovered the “Demonic” vulnerability back in May 2021 and provided assistance to all affected browsers with the help of MetaMask.

The blockchain company has also received a USD 50,000 bounty from MetaMask for the discovery, which “was the largest security-related payout that MetaMask had ever made at the time,” Halborn said. 

The incident is yet another reminder that internet-connected hot wallets are subject to security vulnerabilities. Users can consider hardware wallets for better security.

____

Learn more: 
– MetaMask Aims to Help Crypto Scam & Phishing Victims Take Legal Action Against Fraudsters
– MetaMask Issues Warning About Phishing Attacks Via iCloud After a User Lost USD 650K

– Privacy-Focused Brave Browser Aims to ‘Cut Out’ Google With De-AMP
– As Opera Challenges Brave Browser with Push Further into Crypto, How Do They Compare?

– Here’s How You Can Protect Yourself Against Phishing as Trezor is Attacked
– Crypto Security in 2022: Prepare for More DeFi Hacks, Exchange Outages, and Noob Mistakes