E Amazings
  • Home
  • Automotive
  • Business
  • CBD
  • Crypto
  • Education
  • Entertainment
  • Fashion
  • Finance
  • Health
  • Home Improvement
  • Law \ Legal
  • News
  • Shopping
  • Sports
  • Technology
  • Travel

Subscribe to Updates

Get the latest creative news from FooBar about art, design and business.

What's Hot

Opening Bell: Nifty, Sensex start flat; energy, metal, IT stocks shine

June 30, 2022

Oil prices stable as market weighs fuel stocks build amid supply concerns

June 30, 2022

Anil Singhvi Strategy on June 30: Support zone on Nifty is 15675-15750 and Bank Nifty is 33000-33125

June 30, 2022
Facebook Twitter Instagram
E Amazings
  • Home
  • Automotive
  • Business
  • CBD
  • Crypto
  • Education
  • Entertainment
  • Fashion
  • Finance
  • Health
  • Home Improvement
  • Law \ Legal
  • News
  • Shopping
  • Sports
  • Technology
  • Travel
Facebook Twitter Instagram
E Amazings
You are at:Home»Crypto»‘Demonic’ Vulnerability Affecting Crypto Wallets Patched by Metamask, Brave, Phantom
Crypto

‘Demonic’ Vulnerability Affecting Crypto Wallets Patched by Metamask, Brave, Phantom

Paul EasterBy Paul EasterJune 17, 2022No Comments3 Mins Read
Facebook Twitter Pinterest LinkedIn Tumblr Email
Share
Facebook Twitter Pinterest WhatsApp Email



On the 15th of June, several companies providing crypto wallets – as well as the cybersec firm responsible for finding exploits – announced the existence and subsequent patching of a security issue affecting browser extension-based wallets.

The vulnerability, codenamed “Demonic,” was discovered by security researchers at Halborn, who approached affected companies last year. They have now gone public with their findings, having allowed affected parties to fix the issue beforehand in a bid to limit damage to end-users.

Metamask, xDEFI, Brave, and Phantom Affected

The Demonic exploit – officially named CVE-2022-32969 – was originally discovered by Halborn back in May 2021. It affected wallets using BIP39 mnemonics, allowing recovery phrases to be intercepted by bad actors remotely or using compromised devices, ultimately leading to a hostile takeover of the wallet.
However, the exploit needed a very specific sequence of events to take place.

To start off, this issue did not affect mobile devices. Only wallet owners using unencrypted desktop devices were vulnerable – and they would have had to import the secret recovery phrase from a compromised device. Lastly, the “Show Secret Recovery Phrase” option would have had to be used.

⚠Halborn Receives Major Security Bounty from @MetaMask for Critical Discovery⚠
We disclosed a critical vulnerability affecting @MetaMask, @Brave, @Phantom, @xdefi_wallet, and other browser based crypto wallets – A short 🧵 on the vulnerability and how to protect 🔐 yourselves:

— Halborn (@HalbornSecurity) June 15, 2022

Halborn promptly reached out to the four companies found to be endangered by the exploit, and work began in secret to fix the issue before it could be discovered by black hat hackers.

“Due to the severity of the vulnerability and the number of impacted users, technical details were kept confidential until a good faith effort could be made to contact affected wallet providers.

Now that the wallet providers have had the opportunity to remediate the issue and migrate their users to secure recovery phrases, Halborn is providing in-depth details to raise awareness of the vulnerability and help prevent similar ones in the future.”

Issue Solved, Vigilantes Rewarded

Metamask dev Dan Finlay published a blog post urging users to update to the latest version of the wallet in order to benefit from the patch, which nullifies the issue. Finlay also asked them to pay attention to security in general, keeping devices encrypted at all times.

The blog post also announced the payout of $50k to Halborn for the discovery of the vulnerability as a part of Metamask’s bug bounty program, which pays out sums between $1k and $50k, depending on severity.

Phantom also issued a statement on the matter, confirming the vulnerability was patched for its users by April 2022. The company also welcomed Oussama Amri – the expert behind Halborn’s discovery – to Phantom’s cybersec team.

1/ As of April 2022, Phantom users are protected from the “Demonic” critical vulnerability in crypto browser extensions.

Another exhaustive patch is rolling out next week that we believe will make @Phantom the safest from “Demonic” in the industry. https://t.co/bKE1olpzng

— Phantom (@phantom) June 15, 2022

All parties involved urged concerned users to ensure they have upgraded to the latest version of the wallet and to reach out to the respective security teams for any additional issues.

SPECIAL OFFER (Sponsored)

Binance Free $100 (Exclusive): Use this link to register and receive $100 free and 10% off fees on Binance Futures first month (terms).

PrimeXBT Special Offer: Use this link to register & enter POTATO50 code to receive up to $7,000 on your deposits.





Source link

Paul Easter

Related Posts

CBDCs Are Natural Evolution Necessary to Protect Fiat Monetary System: Swedish Central Banker  CBDCs an Evolution of Central Banks, Necessary to Protect Fiat Monetary System: Swedish Central Banker 

By Paul EasterJune 30, 2022

Market Selloffs Lead to Rising Inflows of USDC: Circle CEO

By Paul EasterJune 29, 2022

Crypto Winter ‘Weeded out’ Unnecessary Market Participants

By Paul EasterJune 29, 2022

Bitfury’s CEO Explains Why Bitcoin Is Proned for Upcoming Gains

By Paul EasterJune 29, 2022
Add A Comment

Comments are closed.

Our Picks

Opening Bell: Nifty, Sensex start flat; energy, metal, IT stocks shine

By Paul EasterJune 30, 2022

Oil prices stable as market weighs fuel stocks build amid supply concerns

By Paul EasterJune 30, 2022

Anil Singhvi Strategy on June 30: Support zone on Nifty is 15675-15750 and Bank Nifty is 33000-33125

By Paul EasterJune 30, 2022
Recent Posts
  • Opening Bell: Nifty, Sensex start flat; energy, metal, IT stocks shine June 30, 2022
  • Oil prices stable as market weighs fuel stocks build amid supply concerns June 30, 2022
  • Anil Singhvi Strategy on June 30: Support zone on Nifty is 15675-15750 and Bank Nifty is 33000-33125 June 30, 2022
  • Buy, Sell or Hold: What should investors do with AU Small Finance Bank, MMTC and Aavas Financiers? June 30, 2022
  • Stocks to buy today: MTAR Tech, Apollo Tyres, Minda Industries and Bharti Airtel among list of stocks for profitable trade on June 30 June 30, 2022
  • Record-Setting Jumper Tosses Biomimicry Out The Window June 30, 2022
  • Udyami Bharat Programme: PM Narendra Modi to launch several schemes on June 30 to ramp up MSME sector June 30, 2022
Archives
  • June 2022
Facebook Twitter Instagram Pinterest TikTok
  • Home
© 2022 E Amazings - All Rights Reserved.

Type above and press Enter to search. Press Esc to cancel.