A number of prominent browser extension wallets, including Ethereum (ETH) wallet MetaMask, Solana (SOL)'s Phantom, Brave, and cross-chain wallet extension XDefi, have patched a "critical vulnerability" that could have exposed sensitive login credentials if specific conditions were met.
The wallet providers claim the vulnerability has not been exploited by attackers, meaning no user funds were stolen using this attack vector.
In a blog post, MetaMask detailed that the issue did not impact MetaMask Mobile users and only affected "a small segment of MetaMask Extension users as well as users of other browser/extension wallets."
The popular Ethereum wallet said that they have since implemented updates to solve the issue, claiming that it does not affect users of the MetaMask Extension versions 10.11.3 and later. MetaMask added that users need to worry only if all of the following conditions are met:
“If your computer is not physically secure from people you do not trust, we recommend you enable full disk encryption on your system,” MetaMask said. “Additionally, you are not affected by this if your funds are managed by a hardware wallet.”
Solana's Phantom, a self-custodial wallet for decentralized finance (DeFi), also confirmed they were affected by the issue, saying they were first notified about the vulnerability in September 2021.
"After some investigation and an official audit, fixes began rolling out in January 2022 and by April, Phantom users became protected from this critical vulnerability," Phantom claimed, adding that they will release "an even more exhaustive patch" next week.
The security vulnerability was discovered and reported to all affected browser wallets by blockchain security firm Halborn. "We disclosed a