‘Demonic’ Vulnerability Affecting Crypto Wallets Patched by Metamask, Brave, Phantom

On the 15th of June, several companies providing crypto wallets – as well as the cybersecurity firm that found the flaw – announced the existence and subsequent patching of a security issue affecting browser extension-based wallets.

The vulnerability, codenamed “Demonic,” was discovered by security researchers at Halborn, who approached affected companies last year. They have now gone public with their findings, having allowed affected parties to fix the issue beforehand in a bid to limit damage to end-users.

Metamask, xDEFI, Brave, and Phantom Affected

The Demonic exploit – officially tracked as CVE-2022-32969 – was originally discovered by Halborn back in May 2021. It affected wallets using BIP39 mnemonics, allowing recovery phrases to be intercepted by bad actors either remotely or on compromised devices, ultimately leading to a hostile takeover of the wallet. However, the exploit required a very specific sequence of events to take place.

First, this issue did not affect mobile devices. Only wallet owners using unencrypted desktop devices were vulnerable – and they would have had to import the secret recovery phrase on a compromised device. Lastly, the “Show Secret Recovery Phrase” option would have had to be used.

Halborn Receives Major Security Bounty from @MetaMask for Critical Discovery
We disclosed a critical vulnerability affecting @MetaMask, @Brave, @Phantom, @xdefi_wallet, and other browser based crypto wallets – A short on the vulnerability and how to protect yourselves:

— Halborn (@HalbornSecurity) June 15, 2022

Halborn promptly reached out to the four affected companies, and work began in secret to fix the issue before it could be discovered by black hat hackers.

“Due to the severity of the vulnerability and the number of impacted users, technical details were kept confidential until a good faith effort could be made to contact affected wallet providers.

Now that the wallet providers have had the opportunity to remediate the issue and migrate their users to secure recovery phrases, Halborn is providing in-depth details to raise awareness of the vulnerability and help prevent similar ones in the future.”

Issue Solved, Vigilantes Rewarded

Metamask developer Dan Finlay published a blog post urging users to update to the latest version of the wallet in order to benefit from the patch, which closes the issue. Finlay also asked them to pay attention to security in general, keeping their devices encrypted at all times.

The blog post also announced the payout of $50k to Halborn for the discovery of the vulnerability as a part of Metamask’s bug bounty program, which pays out sums between $1k and $50k, depending on severity.

Phantom also issued a statement on the matter, confirming the vulnerability had been patched for its users by April 2022. The company also welcomed Oussama Amri – the researcher behind Halborn’s discovery – to Phantom’s security team.

1/ As of April 2022, Phantom users are protected from the “Demonic” critical vulnerability in crypto browser extensions.

Another exhaustive patch is rolling out next week that we believe will make @Phantom the safest from “Demonic” in the industry. https://t.co/bKE1olpzng

— Phantom (@phantom) June 15, 2022

All parties involved urged concerned users to ensure they have upgraded to the latest version of the wallet and to reach out to the respective security teams for any additional issues.
