Bitcoin
Bitcoin (BTC)
$97,069.00 4.27442
Bitcoin price
Ethereum
Ethereum (ETH)
$3,139.50 0.7942
Ethereum price
BNB
BNB (BNB)
$612.94 -0.17214
BNB price
Solana
Solana (SOL)
$242.15 2.15853
Solana price
XRP
XRP (XRP)
$1.11 2.6391
XRP price
Shiba Inu
Shiba Inu (SHIB)
$0.0000241 -1.66886
Shiba Inu price
Pepe
Pepe (PEPE)
$0.0000195 -4.72749
Pepe price
Bonk
Bonk (BONK)
$0.0000522 -8.16432
Bonk price
dogwifhat
dogwifhat (WIF)
$3.20 -4.79315
dogwifhat price
Popcat
Popcat (POPCAT)
$1.56 -10.6582
Popcat price
Bitcoin
Bitcoin (BTC)
$97,069.00 4.27442
Bitcoin price
Ethereum
Ethereum (ETH)
$3,139.50 0.7942
Ethereum price
BNB
BNB (BNB)
$612.94 -0.17214
BNB price
Solana
Solana (SOL)
$242.15 2.15853
Solana price
XRP
XRP (XRP)
$1.11 2.6391
XRP price
Shiba Inu
Shiba Inu (SHIB)
$0.0000241 -1.66886
Shiba Inu price
Pepe
Pepe (PEPE)
$0.0000195 -4.72749
Pepe price
Bonk
Bonk (BONK)
$0.0000522 -8.16432
Bonk price
dogwifhat
dogwifhat (WIF)
$3.20 -4.79315
dogwifhat price
Popcat
Popcat (POPCAT)
$1.56 -10.6582
Popcat price
Bitcoin
Bitcoin (BTC)
$97,069.00 4.27442
Bitcoin price
Ethereum
Ethereum (ETH)
$3,139.50 0.7942
Ethereum price
BNB
BNB (BNB)
$612.94 -0.17214
BNB price
Solana
Solana (SOL)
$242.15 2.15853
Solana price
XRP
XRP (XRP)
$1.11 2.6391
XRP price
Shiba Inu
Shiba Inu (SHIB)
$0.0000241 -1.66886
Shiba Inu price
Pepe
Pepe (PEPE)
$0.0000195 -4.72749
Pepe price
Bonk
Bonk (BONK)
$0.0000522 -8.16432
Bonk price
dogwifhat
dogwifhat (WIF)
$3.20 -4.79315
dogwifhat price
Popcat
Popcat (POPCAT)
$1.56 -10.6582
Popcat price
Bitcoin
Bitcoin (BTC)
$97,069.00 4.27442
Bitcoin price
Ethereum
Ethereum (ETH)
$3,139.50 0.7942
Ethereum price
BNB
BNB (BNB)
$612.94 -0.17214
BNB price
Solana
Solana (SOL)
$242.15 2.15853
Solana price
XRP
XRP (XRP)
$1.11 2.6391
XRP price
Shiba Inu
Shiba Inu (SHIB)
$0.0000241 -1.66886
Shiba Inu price
Pepe
Pepe (PEPE)
$0.0000195 -4.72749
Pepe price
Bonk
Bonk (BONK)
$0.0000522 -8.16432
Bonk price
dogwifhat
dogwifhat (WIF)
$3.20 -4.79315
dogwifhat price
Popcat
Popcat (POPCAT)
$1.56 -10.6582
Popcat price

Metamask Fixes Bug Enabling Hackers to Extract Seed Phrases from Web Extensions Versions 10.11.3 and Above

News
Metamask Fixes Bug Enabling Hackers to Extract Seed Phrases from Web Extensions Versions 10.11.3 and Above

Security experts from Halborn have found an example where a user’s seed phrase of web-based wallet extensions like Metamask was left unencrypted. However, the instance only puts those using the Metamask extension versions below 10.11.3.

Some Wallet Extensions Pose a Risk to Users’ Crypto Keys

Halborn Blockchain Security researchers have found a way in which hackers can extract seed phrases from a disk of a hacked computer. The breach involves web-based wallet extensions, such as Metamask; they said those with versions 10.11.3 and above are not at risk. Moreover, the experts pointed out that the breach scenario doesn’t affect Metamask Mobile wallets.

The security experts acknowledged that aside from Metamask, other web-based wallets could also face the vulnerability. Nonetheless, they gave three situations that could put a user’s crypto keys at risk. 

The first is if you have an unencrypted hard drive. The second is if you imported the recovery phrase to the Metamask web extension using a device that is not in your possession. Lastly, if you checked the ‘Show Secret Recovery Phrase’ checkbox to see your keys as you are importing them.  

The Affected Parties

According to Halborn, all desktop OS and browsers, Metamask extension versions before 10.11.3 on every browser, Windows, Linux, macOS, Firefox, and Chrome are not safe. The vulnerability has a high risk to those whose devices have been hacked as they are importing their seed phrases to web wallet extensions.

A web developer working for Metamask has provided ways to mitigate the issues, giving the following statement:

“If your computer is not physically secure from people you do not trust, we recommend you enable full disk encryption on your system. Additionally, you are not affected by this if your funds are managed by a hardware wallet.”

A password manager startup, 1Password, shed light on the report saying,

“This is a well-known issue that’s been publicly discussed many times before, but any plausible cure may be worse than the disease.”

The team at Metamask believes using a password manager could help protect you from such breaches, although the managers are not 100% safe.

AMD and Intel CPUs are also Vulnerable

As reported yesterday by crypto.news, hackers can leverage a vulnerability on AMD and Intel CPUs to steal a user’s seed phrase. Via a side-channel glitch called Hertzbleed, hackers can make away with private keys by looking at the power signature as cryptographic processes occur. Intel described the extent of the vulnerability, saying the attack could take place on servers remotely.

Intel revealed that all its modern models are at risk, while AMD said Alton, Ryzen, and EPYC versions are susceptible. The startups provided a way to shield users from the breaches, which involved disabling computer frequency scaling. However, the actions, as explained by the companies, could cause extensive damage to every CPU’s performance. AMD gave further insight into the matter, saying,

“As the vulnerability impacts a cryptographic algorithm having power analysis-based side-channel leakages, developers can apply countermeasures on the software code of the algorithm. Either masking, hiding or key-rotation may be used to mitigate the attack.”