Halborn, a blockchain security firm, highlighted in a new report that browser-based crypto wallets are vulnerable to hacking. It found that popular crypto wallets like MetaMask, Brave and Phantom can be compromised under specific computer conditions. This revelation is another blow to investors, who are already reeling from the market crash. It should be noted that billions of dollars are stored in software wallets.
The report stated that the condition can expose a crypto wallet user’s secret recovery phrase. This can be used to change the private key. Halborn reached out to the wallet providers and helped fix the vulnerability. Steven Walbroehl, Halborn’s chief security officer and co-founder, pointed out that crypto exchanges like Coinbase or Binance hold custody of those keys on behalf of their customers. He explained that the impact is only for those that self-custody the assets. The onus is on the user to take it seriously and upgrade the wallets to the patched version listed on the wallet developers’ websites. Users also have to rotate their mnemonic phrase if they feel they are at risk.
Dan Finlay, the founder and group manager at MetaMask, urged users in a blog post to remember that it’s their responsibility to keep their computer secure. He said no wallet or software can keep itself safe if the system it operates on is compromised. Finlay advised users to learn how to avoid installing a virus on their computer. Phantom said users should diversify their wallets to protect themselves on Web3. This will help minimize risks. It also urged users to use hardware wallets to store large amounts of assets and currencies.
Walbroehl shared other mitigations: storing the mnemonic phrase or key on a hardware-based wallet like Trezor or Ledger. He explained that the wallets still work with software wallets like MetaMask when physically connected with a USB cable. This protects the keys from hackers that may access the user’s disk.