Metamask Shares Details on Extension Disk Encryption Issue

Metamask Shares Details on Extension Disk Encryption Issue

Metamask released info on Wednesday about an Extension Disk Encryption Issue. Security researchers at Halborn Security disclosed a wallet vulnerability that affects many browser-based crypto wallets including MetaMask. Halborn Security was rewarded $50,000 per their recent bug bounty program for discovering this issue. The issues should not be problems for users who are on the MetaMask Extension versions 10.11.3 and later. 

A Secret Recovery Phrase could be discovered within a device’s storage if a user fell into the following circumstances:

  1. The user's hard drive was unencrypted
  2. The user imported an SRP into MetaMask (v10.11.2 or prior) on a computer that was compromised or in possession of someone else
  3. The wallet holder used the “Show Secret Recovery Phrase” checkbox to view the SRP onscreen during the import process

MetaMask has encouraged users who fall into the above circumstances to migrate their accounts as soon as possible.

MetaMask introduced new protections to reduce the risk for its users.

Disclaimer: The author or members of the Lucky Trader staff may own NFTs discussed in this post. Furthermore, the information contained on this website or the Lucky Trader mobile application is not intended as, and shall not be understood or construed as financial advice. AI may have assisted in the creation of this content.