On the 15th of June, several companies providing crypto wallets – as well as the cybersec firm responsible for finding exploits – announced the existence and subsequent patching of a security issue affecting browser extension-based wallets. The vulnerability, codenamed “Demonic,” was discovered by security researchers at Halborn, who approached affected companies last year. They have now gone public with their findings, having allowed affected parties to fix the issue beforehand in a bid to limit damage to end-users.

Metamask, xDEFI, Brave, and Phantom Affected

The Demonic exploit – officially named CVE-2022-32969 – was originally discovered by Halborn back in May 2021. It affected wallets using BIP39 mnemonics, allowing recovery phrases to be intercepted by bad actors remotely or using compromised devices, ultimately leading to a hostile takeover of the wallet.

However, the exploit needed a very specific sequence of events to take place. To start off, this issue did not affect mobile devices. Only wallet owners using unencrypted desktop devices were vulnerable – and they would have had to import the secret recovery phrase from a compromised device.