According to research released on Wednesday by cybersecurity firm Holborn, popular crypto wallets such as MetaMask and Phantom have been plagued by a severe vulnerability in their browser extension software for months. Hackers were able to obtain wallet recovery seed phrases saved on computer discs, putting users’ assets in danger. The vulnerability, which dates back to September 2021 and has already been addressed, puts users’ funds at risk. However, no exploits linked to the issue have been reported as of yet. Security researchers at @HalbornSecurity have disclosed a wallet vulnerability that affects a small segment of users across many browser-based wallets, including MetaMask.https://t.co/2tBl8BfISA 1/ 🧵 — MetaMask 🦊💙 (@MetaMask) June 15, 2022 The seed phrases supplied by wallet providers were retained in plain text on customers’ PCs as part of the “Restore Session” feature, according to Halborn’s researchers. This means that bad actors may use software or physical access to get access. According to Halborn, they worked with wallet providers to patch their wallets against the vulnerability. 5/ We are also ecstatic to welcome @amriunix, who originally discovered the threat last year as part of @HalbornSecurity, to our team as a security engineer. For more on how we handle security or to report a security finding, please reach out to [email protected]. — Phantom (@phantom) June 15, 2022 Security Flaw Affected Small Fra...
