
Vulnerability found in older versions of the MetaMask wallet
Security researchers from Halborn discovered a vulnerability affecting most browser wallets, including MetaMask. The issue affects a small segment of users.
Security researchers at @HalbornSecurity have disclosed a wallet vulnerability that affects a small segment of users across many browser-based wallets, including MetaMask. https://t.co/2tBl8BfISA
1/ 🧵
— MetaMask 🦊💙 (@MetaMask) June 15, 2022
Experts disclosed a case in which, under certain conditions, the recovery seed phrase used by web wallets could be retrieved from the disk of a compromised computer.
Developers fixed the vulnerability in MetaMask Extension version 10.11.3.
However, they warned that users who meet the following conditions may still be at risk:
- the hard drive was not encrypted;
- the recovery phrase was imported on a device not belonging to the user or the computer was compromised;
- the ‘Show recovery seed phrase’ checkbox was used to display the text on the screen (image below).
The MetaMask team noted that the vulnerability stems from browsers not treating physical-access attacks as part of their threat model and from all text inputs being retained in the device’s memory. The risk can be fully eliminated only with full disk encryption.
Other recommendations from the developers include clearing the browser cache and running antivirus protection on the computer.
“Neither the wallet nor the software can protect themselves if the system in which they operate is compromised,” they noted.
Halborn received a reward of $50,000 for disclosing the vulnerability.
As reported in June 2022, the MetaMask team launched a bug bounty program in partnership with the HackerOne platform.