On June 15, several companies providing cryptocurrency wallets, as well as Cybersec, the company responsible for finding exploits, announced the existence of a security problem affecting crypto wallets based on browser extensions.
The vulnerability, codenamed "Demonic", was discovered by security researchers from Halborn, who contacted the affected companies last year. They have now made their findings public, having given the affected parties time to fix the problem in advance and limit the damage to end users.
Metamask, xDEFI, Brave and Phantom were vulnerable
The Demonic exploit, officially tracked as CVE-2022-32969, was originally discovered by Halborn back in May 2021. It affected wallets using BIP39 mnemonics, allowing attackers to intercept recovery phrases remotely or using hacked devices, which could ultimately lead to compromise of the wallet. However, the exploit required a very specific sequence of events.
To begin with, the problem did not affect mobile devices; only wallet owners using personal computers were vulnerable. Finally, the user would have had to use the "Show Recovery secret phrase" option.
Halborn immediately contacted the four companies that were found to be at risk from the exploit, and work began in secret to fix the problem before it was discovered by black-hat hackers.
Metamask developer Dan Finlay published a blog post in which he urged users to update the wallet to the latest version in order to get the patch that fixes the problem. Finlay also asked them to pay attention to security in general, so that devices are always encrypted.
The blog post also announced the payment of $50,000 to Halborn for the discovery of the vulnerability as part of the Metamask bug bounty program, which pays amounts from $1 to $50,000, depending on the severity.
Phantom also issued a statement on the matter, confirming that the vulnerability had been fixed for its users by April 2022. The company also invited Ussam Amri, the expert behind Halborn's discovery, to join the Phantom cybersecurity team.