skip to Main Content
bitcoin
Bitcoin (BTC) $ 98,844.48 0.29%
ethereum
Ethereum (ETH) $ 3,339.42 0.56%
tether
Tether (USDT) $ 1.00 0.15%
solana
Solana (SOL) $ 256.81 2.00%
bnb
BNB (BNB) $ 641.74 1.05%
xrp
XRP (XRP) $ 1.56 13.99%
dogecoin
Dogecoin (DOGE) $ 0.42913 9.57%
cardano
Cardano (ADA) $ 1.09 25.26%
usd-coin
USDC (USDC) $ 1.00 0.22%
staked-ether
Lido Staked Ether (STETH) $ 3,337.70 0.55%

‘Demonic’ Vulnerability Affecting Crypto Wallets Patched by Metamask, Brave, Phantom

On the 15th of June, several companies providing crypto wallets – as well as the cybersec firm responsible for finding exploits – announced the existence and subsequent patching of a security issue affecting browser extension-based wallets.

The vulnerability, codenamed “Demonic,” was discovered by security researchers at Halborn, who approached affected companies last year. They have now gone public with their findings, having allowed affected parties to fix the issue beforehand in a bid to limit damage to end-users.

Metamask, xDEFI, Brave, and Phantom Affected

The Demonic exploit – officially named CVE-2022-32969 – was originally discovered by Halborn back in May 2021. It affected wallets using BIP39 mnemonics, allowing recovery phrases to be intercepted by bad actors remotely or using compromised devices, ultimately leading to a hostile takeover of the wallet.
However, the exploit needed a very specific sequence of events to take place.

To start off, this issue did not affect mobile devices. Only wallet owners using unencrypted desktop devices were vulnerable – and they would have had to import the secret recovery phrase from a compromised device. Lastly, the “Show Secret Recovery Phrase” option would have had to be used.

Halborn promptly reached out to the four companies found to be endangered by the exploit, and work began in secret to fix the issue before it could be discovered by black hat hackers.

“Due to the severity of the vulnerability and the number of impacted users, technical details were kept confidential until a good faith effort could be made to contact affected wallet providers.

Now that the wallet providers have had the opportunity to remediate the issue and migrate their users to secure recovery phrases, Halborn is providing in-depth details to raise awareness of the vulnerability and help prevent similar ones in the future.”

Issue Solved, Vigilantes Rewarded

Metamask dev Dan Finlay published a blog post urging users to update to the latest version of the wallet in order to benefit from the patch, which nullifies the issue. Finlay also asked them to pay attention to security in general, keeping devices encrypted at all times.

The blog post also announced the payout of $50k to Halborn for the discovery of the vulnerability as a part of Metamask’s bug bounty program, which pays out sums between $1k and $50k, depending on severity.

Phantom also issued a statement on the matter, confirming the vulnerability was patched for its users by April 2022. The company also welcomed Oussama Amri – the expert behind Halborn’s discovery – to Phantom’s cybersec team.

All parties involved urged concerned users to ensure they have upgraded to the latest version of the wallet and to reach out to the respective security teams for any additional issues.

Loading data ...
Comparison
View chart compare
View table compare
Back To Top