Home
News
On Wednesday, Solana wallet Phantom declared that it is releasing a new update to improve its security following a “demonic vulnerability” founded by Halborn, a blockchain cybersecurity firm in May of last year.
Phantom, Brave, MetaMask, and XDefi browser extension wallets, were affected by the vulnerability. Secret recovery phrases might be stored on-disk encrypted when wallets among these were imported using a seed phrase.
This translates to the fact that anyone making use of a borrowed computer runs the risk of losing the assets in their wallet if an attacker gets access to their hard drive.
In March, MetaMask, the Ethereum wallet, tackled this vulnerability with version 10.11.3 and performed the modification of the recovery phase input process into “one-field-per-word.”
Metamask mentioned that mobile app users remain unaffected by the exploit in a blog post published on Wednesday.
Phantom revealed that it became aware of the vulnerability in September 2021. It started working on fixing these bugs in January 2022 but only in April of this year it fully patches the vulnerability.
Phantom revealed that next week it will be launching another substantial security patch.
On Wednesday, Halborn in a report disclosed that the Brave and XDefi have also since patched the vulnerability.
MetaMask stated it rewarded Halborn with $50,000 for finding the security exploit, and patted the shoulders of users saying that only “a small segment of users” will be affected by the exploit.
It further added that individuals with a fully-encrypted hard drive will stay immune to the vulnerability.
MetaMask on Twitter that users who make use of full disk encryption will remain immune to the approach reported and advised users to perform extra care.
Phantom shared that since the exploit it has hired Oussami Amri, the Halborn employee who discovered the vulnerability as a security engineer.
Phantom stated that Substantial parts of our codebase have been altered, adding that in the coming future, parts of its code will be open source.
Metamask also gave advice to users that if they are using an older version of its browser extension with an unencrypted hard drive and who imported their secret recovery phrase on a potentially compromised device and chose the “Show Secret Recovery Phrase” checkbox- should think about migrating to a new wallet.
ALSO READ: Crypto Witness More Than $1B In Liquidation Following Bitcoin, Ether Broke Major Support Levels
Andrew is a blockchain developer who developed his interest in cryptocurrencies while pursuing his post-graduation major in blockchain development. He is a keen observer of details and shares his passion for writing, along with coding. His backend knowledge about blockchain helps him give a unique perspective to his writing skills, and a reliable craft at explaining the concepts such as blockchain programming, languages and token minting. He also frequently shares technical details and performance indicators of ICOs and IDOs.
