Key points to remember

• MetaMask and Phantom fixed a critical vulnerability in their browser extension wallets.
• Codenamed “Demonic”, the vulnerability exposed users’ secret recovery phases by saving them as unencrypted plain text on users’ drives.
• Although wallet providers have patched the threat, some users may still be vulnerable unless they migrate their funds to new wallets using the latest versions of wallet software.

Share this article

Some of the most popular browser extension crypto wallets suffer from a critical vulnerability that makes users’ secret recovery phases vulnerable to theft, a new report has revealed.

Crypto Wallets Fix Critical Vulnerability

Several browser wallet vendors have successfully patched a long-standing vulnerability.

According to a Wednesday report from cybersecurity firm Halborn, some of the most popular cryptocurrency wallets, including MetaMask, Phantom, Brave, and the xDefi browser, suffered from a critical vulnerability in their browser extension software. Under certain conditions, the vulnerability, codenamed “Demonic”, exposed users’ secret recovery phases, allowing would-be attackers to access billions of dollars in cryptocurrencies held in browser extension wallets. global scale.

In the report, Halborn explained that the insecure permissions vulnerability caused the browser extension’s crypto wallets to record the contents of all entries without a password, including so-called mnemonic keys or secret recovery phrases. , as unencrypted plain text on users’ drives as part of the “Restore Session” feature. This put all users who had imported their browser extension crypto wallets using a secret recovery phrase at risk of having their private keys and cryptocurrency funds stolen.

In a blog post on Wednesday, the Solana Phantom Wallet noted that Halborn alerted them to the demonic vulnerability last September and began rolling out patches in January. Phantom confirmed that in April all users were protected against the vulnerability and stated its intention to introduce an even more comprehensive patch next week. MetaMask, on the other hand, said it fixed the vulnerability in versions 10.11.3 and later. However, some users who previously imported older versions of the Browser Wallet using their passphrase may still be at risk, especially those using unencrypted hard drives or potentially compromised computers.

As a precaution, MetaMask recommended users to install the latest version of its browser extension wallet and migrate funds to new wallets. So far, no exploit related to the Demonic vulnerability has been reported.

Disclosure: At the time of writing this article, the author of this article owned ETH and several other cryptocurrencies.

Share this article

Information on or accessible through this website is obtained from independent sources which we believe to be accurate and reliable, but Decentral Media, Inc. makes no representations or warranties as to the timeliness, completeness or accuracy of any information on or accessible through this website. . Decentral Media, Inc. is not an investment advisor. We do not give personalized investment advice or other financial advice. Information on this website is subject to change without notice. Some or all of the information on this website may become out of date, or it may be or become incomplete or inaccurate. We may, but are not obligated to, update any outdated, incomplete or inaccurate information.

You should never make an investment decision about an ICO, IEO, or other investment based on information on this website, and you should never interpret or rely on information on this website as advice. investment. We strongly recommend that you consult a licensed investment advisor or other qualified financial professional if you are seeking investment advice on an ICO, IEO or other investment. We do not accept compensation in any form for analysis or reporting of any ICO, IEO, cryptocurrency, currency, token sales, securities or materials raw.

See full terms and conditions.