Recently, social media accounts around the world have been bustling with news about the latest security threat for the users of digital currency extensions. MetaMask and Phantom, two of the biggest organizations that provide browser extension support for consumers, are now responding to the news. The latest report issued by a cyber-security enterprise called Halborn suggests that both companies have been suffering from a critical technical blind spot for months.
As per the latest report by Halborn, the technical vulnerability, which any hacker could exploit to steal data or cryptocurrencies from users, has been present since September 2021. The report also noted that the bug is now fixed. According to the report, a hacker who decided to attack a MetaMask or Phantom user could access the seed phrase on the user's device.
Users’ Funds were at Risk
Because hacks are a fairly common occurrence in the cryptocurrency community, it is nothing short of a miracle that the MetaMask and Phantom users have remained unharmed thus far. The cyber-security analysts at Halborn recently claimed that, despite the long time the vulnerability was present in both browser extensions, there are no reported cases of any crypto heists thus far.
Explaining the details of the vulnerability, the analysts at Halborn elaborated that the seed phrases that the browser extension users had for keeping their accounts protected were stored in the form of a text file in their browser's Restore Session feature. A hacker could get hold of the text file with the seed phrase by using malware or social engineering techniques. The report also claimed that the developers at Halborn have now patched the text file option to mitigate the vulnerability.
MetaMask is one of the most well-known web3 wallet service providers hosted on the Ethereum network. The latest statement issued by the security team of MetaMask suggests that the vulnerability highlighted by the Halborn analysts was a small threat, and that most users did not face a critical risk.
A new blog entry published by MetaMask states that there are some cases where the secret key is located in an encrypted form on the hard disk in some browsers. The blog also notes that most browser applications have resolved these issues in their latest version. The Phantom wallet, on the other hand, is a Solana blockchain project that started to face issues in January this year. Phantom developers intend to release a patch next week to fix this vulnerability.