MetaMask and Phantom have fixed a critical vulnerability in their browser extension wallet that revealed users’ secret recovery phases.
The announcement noted that users may still be susceptible to the vulnerability coded ‘Demonic’ unless they move their funds to a new wallet with the latest wallet software models.
A new report adds that some renowned browser extensions have suffered from a key vulnerability that has exposed users’ secret recovery phases to possible theft.
A report from cybersecurity company Halborn shows that other crypto wallets which have been suffering from vulnerability in their browser extension include Brave and xDefi.
Halborn says that the insecure permissions vulnerability enabled the browser extension cryptocurrency wallet to save the content of non-password inputs, including mnemonic keys. The risk was faced by all users who have imported browser extension crypto wallets using the secret recovery phrase.
Solana’s Phantom wallet recently announced that they had been alerted of the Demonic vulnerability and had begun fixing it. MetaMask also confirmed that it had solved the vulnerability in version 10.11.3.