- MetaMask and Phantom have patched a critical vulnerability in their browser extension wallets.
- Codenamed “Demonic,” the vulnerability exposed users’ secret recovery phrases by recording them as clear text on users’ disks.
- While wallet providers have fixed the threat, some users may still be vulnerable unless they migrate their funds to new wallets using the latest versions of wallet software.
Some of the most popular browser extension crypto wallets have been suffering from a critical vulnerability that left users’ secret recovery phrases vulnerable to theft, a new report has revealed.
Crypto Wallets Patch Critical Vulnerability
Several browser wallet providers have successfully patched a long-standing vulnerability.
According to a Wednesday report from cybersecurity firm Halborn, some of the most popular cryptocurrency wallets, including MetaMask, Phantom, Brave, and the xDefi browser, were suffering from a critical vulnerability in their browser extension software. Under certain conditions, the vulnerability, codenamed “Demonic,” exposed users’ secret recovery phrases, giving would-be attackers access to billions of dollars in cryptocurrency stored in browser extension wallets all over the world.
In the report, Halborn explained that the insecure permissions vulnerability caused browser extension crypto wallets to save the contents of all non-password inputs, including so-called mnemonic keys or secret recovery phrases, as clear text on users’ disks as part of the “Restore session” function. This put all users who had imported their browser extension crypto wallets using a secret recovery phrase at risk of having their private keys and cryptocurrency funds stolen.
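For wallet developers, the behaviour Halborn describes (form fields that are not password inputs ending up on disk through session restore) can be caught with a markup lint. The following is an added example, not code from Halborn or any wallet project; the name hints, function names and sample form are hypothetical and constructed for illustration.

```javascript
// Added example: flag recovery-phrase fields that are not password inputs,
// since those are the fields the report says were saved in clear text.
// Hypothetical naming hints; adjust to the identifiers your UI actually uses.
const SECRET_HINT = /(seed|mnemonic|recovery|secret|private[-_ ]?key)/i;

// Parse the attributes of one opening tag into a lower-cased key/value map.
function parseAttrs(tag) {
  const attrs = {};
  const re = /([a-zA-Z-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/g;
  let m;
  while ((m = re.exec(tag)) !== null) {
    attrs[m[1].toLowerCase()] = m[2] || m[3] || m[4] || "";
  }
  return attrs;
}

// Return every <input>/<textarea> that looks like it holds a secret
// but is not rendered as type="password".
function findExposedSecretFields(html) {
  const findings = [];
  const tagRe = /<(input|textarea)\b[^>]*>/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const element = m[1].toLowerCase();
    const attrs = parseAttrs(m[0]);
    const label = [attrs.id, attrs.name, attrs.placeholder, attrs["aria-label"]]
      .filter(Boolean).join(" ");
    if (!SECRET_HINT.test(label)) continue;
    // A <textarea> has no password mode, so it is always a non-password input.
    const type = element === "textarea" ? "textarea" : (attrs.type || "text").toLowerCase();
    if (type !== "password") {
      findings.push({ element, id: attrs.id || attrs.name || "(unnamed)", type });
    }
  }
  return findings;
}

// Constructed sample form, not taken from any real wallet.
const SAMPLE = `
<form>
  <textarea id="import-srp" placeholder="Secret Recovery Phrase"></textarea>
  <input type="text" name="mnemonic-word-1">
  <input type="password" name="mnemonic-word-2">
  <input type="text" name="account-label">
  <input type="password" id="wallet-password">
</form>`;

console.log(findExposedSecretFields(SAMPLE));
```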
In a blog post on Wednesday, Solana wallet Phantom noted that Halborn had alerted it to the Demonic vulnerability last September and that it had started rolling out fixes in January. Phantom confirmed that as of April, all users were protected from the vulnerability, and it stated its intention to release an even more comprehensive patch next week. MetaMask, on the other hand, said that it had patched the vulnerability in versions 10.11.3 and later. However, some users who had previously imported their wallet into older versions of the browser extension using their secret recovery phrase may still be at risk, especially those who used unencrypted hard drives or potentially compromised computers.
As a precautionary measure, MetaMask recommended that users install the latest version of its browser extension wallet and migrate funds to new wallets. So far, no exploits related to the Demonic vulnerability have been reported.
Disclosure: At the time of writing, the author of this article owned ETH and several other cryptocurrencies.