MetaMask warns of security vulnerability from older versions of popular crypto wallet

Published at:
Adoption
Blockchain
Business
Cryptocurrencies
Security

On Wednesday, MetaMask said that it uncovered a critical security vulnerability in older versions of its crypto wallet with the help of security researchers at Halborn. The security firm was awarded a bounty of $50,000 for the discovery. 

For users of the MetaMask extension before version 10.11.3, three necessary conditions would have led to the potential vulnerability.: 1) an unencrypted hard drive; 2) having imported a secret recovery phrase into a MetaMask extension on a device that was compromised, stolen, or has unauthorized access; and 3) having used the "Show Secret Recovery Phrase" checkbox to view one's secret recovery phrase on-screen during the import process.

"We've only found that the Secret Recovery Phrase could be extracted under very specific circumstances, and we've been able to introduce new protections over the period that Halborn has waited to disclose."

Apparently, the exploit affects all browser versions of MetaMask wallet versions prior to the 10.11.3 update, and all operating systems if all three circumstances were met, but not mobile versions.

MetaMask is warning affected users to migrate their funds from their compromised wallets. However, keep in mind that all three conditions need to have been met for the vulnerability to be active on older versions of MetaMask.

Related Posts
The remaining steps to mainstream institutional investment   May 29, 2021
Microsoft transformed home computing — and this project wants to transform DeFi   April 15, 2021
Cardano ecosystem set to expand with custom-built sidechains   Jan. 13, 2023
Top 7 blockchain courses and certifications for beginners   Feb. 2, 2023
'It would be absurd' for a US court to rule private NFTs as securities: Lawyer   Feb. 23, 2023