Security Threat Exposed for Browser-based Crypto Wallets

MetaMask, Phantom, Brave and other browser-based crypto wallets say no known user funds have been affected

article-image

Blockworks exclusive art by axel Rangel

share

key takeaways

  • The discovered vulnerability exposes browser wallet users’ secret recovery phrases
  • Affected wallet providers were contacted, and the vulnerability was kept confidential until the security issues were remediated

A number of popular browser-based crypto wallets are vulnerable to hacking under certain conditions, according to new research. 

Blockchain security firm Halborn found several instances where wallets including Brave, MetaMask and Phantom can be compromised under specific computer conditions — adding yet another wrinkle to traders still reeling from recent high-profile decentralized finance (DeFi) hacks. 

The conditions can expose a crypto wallet user’s secret recovery phrase (a series of words generated that gives the owner access to their crypto), which can then be used to change their private key. All told, billions of dollars of digital assets are stored in software wallets. 

Affected wallet providers were contacted and the vulnerability was kept under wraps until the security issues were remediated.

Who is affected? 

Users who meet the following conditions may be at risk:

  • Users who have unencrypted hard drives
  • Users who have previously imported their secret recovery phrase into a web extension on a device that is in the possession of someone else or have had their computer compromised
  • Users who have used the “show secret recovery phrase” checkbox to view their secret recovery phrase on-screen during the import process

Cryptocurrency wallets like the ones impacted by this vulnerability, such as Metamask, are a self-custody wallet — meaning users alone are responsible for safeguarding their private keys. 

“Exchanges like Coinbase or Binance usually hold custody of those keys on the behalf of their customers,” Steven Walbroehl, Halborn’s chief security officer and co-founder, told Blockworks.

“This impact is only for those that self-custody those assets, and it is the users’ responsibility to take it seriously, upgrade the wallets to the patched version listed on the wallet developer’s websites, and to rotate their mnemonic phrase if they think it may be at risk,” Walbroehl said. 

MetaMask has asked users to update their extension versions to 10.11.3 and later and to “take the time to enable full disk encryption on computers.”

Echoing Walbroehl, Dan Finlay, founder and group manager at MetaMask wrote in a blog post that users should “remember that it’s your responsibility to keep your computer secure. No wallet or software can keep itself safe if the system it runs on is compromised. Take time to learn how to avoid installing a virus on your computer.” 

Phantom, meanwhile, wrote in a blog post that to protect themselves on Web3, on top of general internet safety measures, users should diversify their wallets to minimize risk and use hardware wallets to store large amounts of assets and currencies.

“Other mitigations include storing the mnemonic phrase/key on a hardware-based wallet like Trezor or Ledger. These wallets still work with software wallets like Metamask when physically connected via a USB cable…but it protects the keys from attackers that may access your disk,” Walbroehl said.

Halborn has been rewarded $50,000. The wallet providers did not immediately return requests for comment.


Start your day with top crypto insights from David Canellis and Katherine Ross. Subscribe to the Empire newsletter.

Explore the growing intersection between crypto, macroeconomics, policy and finance with Ben Strack, Casey Wagner and Felix Jauvin. Subscribe to the Forward Guidance newsletter.

Get alpha directly in your inbox with the 0xResearch newsletter — market highlights, charts, degen trade ideas, governance updates, and more.

The Lightspeed newsletter is all things Solana, in your inbox, every day. Subscribe to daily Solana news from Jack Kubinec and Jeff Albus.

Tags

Upcoming Events

Javits Center North | 445 11th Ave

Tues - Thurs, March 18 - 20, 2025

Blockworks’ Digital Asset Summit (DAS) will feature conversations between the builders, allocators, and legislators who will shape the trajectory of the digital asset ecosystem in the US and abroad.

recent research

kamino cover.jpg

Research

Kamino has solidified its position as the leading money market on Solana and is emerging as a DeFi bluechip. Although DeFi competition is fierce, Kamino has kept iterating on its product to provide the best-in-class UX, paired with a robust risk management framework and battle-tested infrastructure. Given the rollout of Kamino Lend V2, the protocol may scale aggressively over the coming months, penetrating previously untapped markets in Solana DeFi.

article-image

Also in the tokenized fund space, Franklin Templeton launches on Base and Securitize hits $1 billion in tokenized RWA onchain

article-image

It turns out that bitcoin never actually hit an all-time high in March. Thanks a lot, inflation.

article-image

Spire, Citrea and Nillion also announced raises this week

article-image

The latest recipient of an SEC Wells notice is a Web3 gaming company

article-image

Thursday’s selloff was led by tech stocks, triggered by disappointing outlooks from giants Meta and Microsoft

article-image

Historically, positive returns have been a bit more of a toss-up during the year’s 11th month