MetaMask and Phantom warn of flaws that could steal:According to MetaMask and Phantom, a new "Demonic" vulnerability could expose a crypto wallet's secret recovery
phrase, allowing attackers to steal NFTs and crypto stored within it. Even with this issue, there are a lot of cybercrimes
committed these days, especially as regards crypto, and no elements have been ideally adopted as regards tracing
transactions as ideas of ID recognition provided by Concordium are not widely adopted.
Halborn, a blockchain cybersecurity organization, discovered the "Demonic vulnerability in September 2021 and reported
it to wallet vendors remediation.
Exploiting a Brower feature:The CVE-2022-32969 Demonic vulnerability is caused by how web browsers save the content of non -
password input fields to disk as part of their standard "restore session" system.
When using Google Chrome or Firefox, the browser will cache data entered into text fields (other than password
fields) so that the data can be restored if the browser crashes utilizing the "Restore Session" function.
Because browser wallet extensions like MetaMask, Phantom, and Brave as an input field that isn't labeled as a
password field, when a user enters their recovering phrase, it's saved on the disk in plain text.
With access to the computer, an attacker or malware could steal the seed and import the wallet onto their own
devices. This attack would necessitate physically stealing the computer, gaining remote access to it, or infecting
it with a remote access trojan, which is common in highly targeted and persistent attacks.
If a hard drive is encrypted, even if it is stolen, the attacker can not access the recovery phrase unless they have
the decryption key.
According to Halborn, another requirement for exploitation is that the victim use the "show recovery phrase
checkbox" to view the phrase during import, which triggers local disk storage.
BE SAFE ALL THE TIME AND SHARE NEW DISCOVERIES HERE ON BEERMONEYFORUM...
