According to a report from Halborn cybersecurity firm, MetaMask crypto wallet and Phantom crypto wallet, two of the most well-known browser extension wallets, had been suffering from a vulnerability in their browser extension software for months.
The vulnerability of MetaMask and Phantom crypto wallet dates back to September 2021, when it was made possible for hackers to extract wallet recovery seed phrases and put users’ funds at a critical security risk. This bug is fixed now, and it worked particularly with seed phrases stored on computer disks. However, no exploits are reported that could be tied to this certain bug.
According to Halborn's researchers, the seed phrases were being saved on users' computer disks as plain text in the "Restore Session" feature. This let malicious actor access the recovery seed phrases using malware or physical access. The Halborn report says their team worked with these wallet providers such as MetaMask crypto wallet team to patch their wallets against the vulnerability.
MetaMask, the most popular Ethereum Web 3.0 hot wallet, claimed that the critical security bug affected only a "small segment of users" and the majority of users were not at high risk. According to MetaMask blog, there could be a "case where user keys could be found unencrypted on disk in rare edge cases." Furthermore, it has issued mitigations on its latest browser extension version.
Phantom, the most-used Solana web3 wallet, said it began the fixing process in January which is three months after the vulnerability was flagged by the Halborn team. Moreover, Phantom plans on rolling out another exhaustive patch next week.
Well you can stay safe from Phantom crypto wallet bug and many other risks by educating yourself! Here at Cryptologi.st we have provided you with many informative articles, news and project overviews to take your crypto knowledge to the next level. Not only that, but we also provide investor’s tools, i.e., a watchlist and screener FOR FREE, to streamline your crypto decision making process. Don’t forget to DYOR, cryptofam!
Any advice contained in this website is general advice only and has been prepared without considering your objectives, financial situation, or needs. You should not rely on any advice and/or information contained in this website and before making any investment decision we recommend that you consider whether it is appropriate for your situation and seek appropriate financial, taxation, and legal advice.
© 2022 - Created by Cryptologi.st