MetaMask Shares Details on Extension Disk Encryption Issue

MetaMask released information on Wednesday about an Extension Disk Encryption Issue. Security researchers at Halborn Security disclosed a wallet vulnerability that affects many browser-based crypto wallets, including MetaMask. Halborn Security was awarded $50,000 through the recent bug bounty program for discovering this issue. The issue should not be a problem for users on MetaMask Extension version 10.11.3 or later.

A Secret Recovery Phrase (SRP) could be discovered within a device’s storage if the following circumstances applied to a user:

  1. The user's hard drive was unencrypted
  2. The user imported an SRP into MetaMask (v10.11.2 or prior) on a computer that was compromised or in the possession of someone else
  3. The wallet holder used the “Show Secret Recovery Phrase” checkbox to view the SRP onscreen during the import process

MetaMask has encouraged users who fall into the above circumstances to migrate their accounts as soon as possible.

MetaMask introduced new protections to reduce the risk for its users.

