MetaMask issues security alert for older versions of platform


The possible vulnerability would have existed for users of the MetaMask extension prior to version 10.11.3 if three criteria were met.


MetaMask announced on Wednesday that it discovered a significant security flaw in older versions of its cryptocurrency wallet with the assistance of security researchers from Halborn. The security firm received a $50,000 reward for finding the flaw.

The possible vulnerability would have existed for users of the MetaMask extension prior to version 10.11.3 if three criteria were met. They are:

(1) an unencrypted hard drive;

(2) importing a secret recovery phrase into a MetaMask extension on a device that has been compromised, stolen, or has unauthorised access; and

(3) using the "Show Secret Recovery Phrase" checkbox to view one's secret recovery phrase on-screen during the import process.

The exploit appears to affect all browser versions of the MetaMask wallet prior to update 10.11.3, as well as all operating systems, if all three conditions are met, but not the mobile version.

MetaMask advises impacted users to move their funds out of compromised wallets. It is worth noting that all three conditions must have existed for the MetaMask vulnerability to have been exploitable in earlier versions.

What is MetaMask?

The software wallet MetaMask is used to interact with the Ethereum blockchain. MetaMask is developed by ConsenSys Software Inc., a blockchain software business that focuses on Ethereum-based tools and infrastructure. It enables users to access their Ethereum wallet through a browser extension or mobile app, which can subsequently be used to engage with decentralised applications.

The platform allows users to store and manage account keys, broadcast transactions, send and receive Ethereum-based cryptocurrencies and tokens, and securely connect to decentralised applications using a compatible web browser or the mobile app's built-in browser. Developers connect MetaMask to their decentralised applications by using a JavaScript plugin such as Web3.js or Ethers to define interactions between MetaMask and smart contracts.