MetaMask announced on Wednesday that it discovered a significant security flaw in older versions of its cryptocurrency wallet with the assistance of security researchers from Halborn. The security firm received a $50,000 reward for finding the flaw.
The possible vulnerability would have existed for users of the MetaMask extension prior to version 10.11.3 if three criteria were met. They are:
(1) an unencrypted hard drive;
(2) importing a secret recovery phrase into a MetaMask extension on a device that has been compromised, stolen, or accessed without authorisation; and
(3) using the "Show Secret Recovery Phrase" checkbox to view one's secret recovery phrase on-screen during the import process.
The exploit appears to affect MetaMask wallet versions prior to update 10.11.3 on all browsers and all operating systems if all three conditions are met, but not the mobile versions.
MetaMask advises impacted users to move their funds out of compromised wallets. It is worth noting that all three conditions must have existed for the MetaMask vulnerability to have been exploitable in earlier versions.
What is MetaMask?
MetaMask is a software wallet used to interact with the Ethereum blockchain. It is developed by ConsenSys Software Inc., a blockchain software business that focuses on Ethereum-based tools and infrastructure. It enables users to access their Ethereum wallet through a browser extension or mobile app, which can subsequently be used to engage with decentralised applications.
Copyright©2022 Living Media India Limited. For reprint rights: Syndications Today