MetaMask said on Wednesday that it had found a major security flaw in earlier versions of its bitcoin wallet with the help of security experts from Halborn. The security company got a reward of $50,000 for making the discovery.
Users of the MetaMask extension before version 10.11.3 could have been affected by the possible vulnerability in three ways. Unencrypted hard drive, importing a secret recovery phrase into a MetaMask extension on a hacked, stolen, or unauthorized device, and turning on the “Show Secret Recovery Phrase” option to show one’s secret recovery phrase on the screen while the import is happening.
“We’ve only found that the Secret Recovery Phrase could be extracted under very specific circumstances, and we’ve been able to introduce new protections over the period that Halborn has waited to disclose.”
The attack seems to affect all browser versions of MetaMask wallets before update 10.11.3, as well as all operating system platforms, except for mobile versions, if all three requirements are met.
MetaMask suggests that users who were affected take their money out of compromised wallets. Note, though, that the MetaMask vulnerability could only have been used in earlier versions if all three conditions were met.
The post MetaMask warns previous bitcoin wallet versions are insecure appeared first on NFT News Pro.