MetaMask said on Wednesday that it had found a major security flaw in earlier versions of its crypto wallet with the help of security experts from Halborn. The security company got a reward of $50,000 for making the discovery.
Users of the MetaMask extension before version 10.11.3 could have been affected by the possible vulnerability in three ways. Unencrypted hard drive, importing a secret recovery phrase into a MetaMask extension on a hacked, stolen, or unauthorized device, and turning on the “Show Secret Recovery Phrase” option to show one’s secret recovery phrase on the screen while the import is happening.
A set of very specific circumstances would have led to an exploit on older versions of MetaMask. https://t.co/r7DUzDSc71
— Cointelegraph (@Cointelegraph) June 15, 2022
“We’ve only found that the Secret Recovery Phrase could be extracted under very specific circumstances, and we’ve been able to introduce new protections over the period that Halborn has waited to disclose.”
The attack seems to affect all browser versions of MetaMask wallets before update 10.11.3, as well as all operating system platforms, except for mobile versions, if all three requirements are met.
MetaMask suggests that users who were affected take their money out of compromised wallets. Note, though, that the MetaMask vulnerability could only have been used in earlier versions if all three conditions were met.
Leave this field empty if you're human:
