Browser-based Crypto Wallets Are Exposed to a Security Risk
MetaMask, Phantom, Brave, and other browser-based cryptocurrency wallets report that customer money has not been compromised.
According to a recent study, a number of popular browser-based crypto wallets are susceptible to hacking under specific conditions.
Halborn, a blockchain security company, discovered a number of cases in which wallets like Brave, MetaMask, and Phantom may be hacked under certain computing settings, adding yet another complication for traders already reeling from recent high-profile decentralised finance (DeFi) attacks.
The circumstances may reveal a crypto wallet user’s secret recovery phrase (a string of words that grants access to their crypto), which can then be used to modify their private key. Digital assets totalling billions of dollars are held in software wallets.
The affected wallet providers were contacted, and the vulnerability was kept private until the security problems were resolved.
The affected cryptocurrency wallets, such as MetaMask, are self-custody wallets, meaning that users are solely responsible for preserving their private keys.
“Exchanges like Coinbase or Binance often keep custody of these keys on behalf of their users,” Halborn’s chief security officer and co-founder, Steven Walbroehl, told Blockworks.
It is the users’ obligation to take the issue seriously, update their wallets to the patched version stated on the wallet developers’ websites, and change their mnemonic phrase if they believe it may be in danger, according to Walbroehl.
MetaMask has requested that users upgrade the extension to version 10.11.3 or higher and “take the time to activate complete disk encryption on their PCs.”
In a blog post, Dan Finlay, founder and group manager of MetaMask, echoed Walbroehl’s advice that users should “remember that it is their duty to maintain the security of their machine. No programme or wallet can protect itself if the machine it operates on is hacked. Take the effort to understand how to prevent downloading a computer virus.”
Phantom, meanwhile, noted in a blog post that users should diversify their wallets to reduce risk and use hardware wallets to hold large amounts of assets and currencies in order to safeguard themselves on Web3.
“Other countermeasures include keeping the mnemonic phrase/key on a hardware wallet, such as Trezor or Ledger. These wallets are still compatible with software wallets like MetaMask when physically attached via a USB connection, but the keys are protected against attackers who may get access to your disk,” according to Walbroehl.
$50,000 has been awarded to Halborn. The wallet operators did not reply to comment requests.