Halborn Security discovered a critical flaw in popular web3 wallets such as MetaMask or Phantom. Hackers were able to access recovery seed phrases on computer disks due to the vulnerability, which was now fixed.
According to a report by cybersecurity firm Halborn, popular crypto wallets such as MetaMask or Phantom were affected for months by a critical vulnerability within their browser extension software.
This vulnerability dates back to September 2021, and is now fixed. It allowed hackers to access wallet recovery seed phrases on computer disks, putting users’ funds at risk. No exploits that could be linked to the vulnerability have been reported.
The report by Halborn’s researchers stated that seed phrases created by wallet providers were being stored on users’ computers as plain text under the “Restore Session” feature. This allowed malicious actors to gain physical or malware access. Halborn said that they had worked with wallet providers in order to patch their wallets against this vulnerability.
MetaMask is the most popular web3 wallet for Ethereum. It clarified that only a small number of users were affected by the critical security problem and that the majority of users are not at risk. MetaMask blog suggests that there may be an “exceptional case where user keys can be found on disk unencrypted in edge cases.” It has also issued mitigations for its latest browser extension version.
Phantom, the web3 wallet most used on the Solana Blockchain, stated that it started issuing fixes in January three months after Halborn first flagged the vulnerability. It also stated that Phantom intends to roll out an additional comprehensive patch next week.
