In brief
- Near Protocol revealed this week that it discovered a wallet vulnerability in June that could have exposed users’ seed phrases.
- The issue was reportedly resolved in June, but only came to the public’s attention this week.
Blockchain network Near Protocol has disclosed a security breach, discovered in June, that could have resulted in a third-party service gaining access to the seed phrases for users’ wallets.
Near shared a blog post about the breach on Thursday. The issue was reported to the team by security firm Hacxyk on June 6. At that point, the platform let users set an email address or phone number as a recovery option for Near Wallet, allowing them to access the wallet via email or SMS.
However, the recovery system potentially exposed users’ seed phrases, the private keys used to recover access to the crypto wallet, in the process. According to a tweet thread from Hacxyk, using the email recovery option would cause the seed phrase to be leaked to a specific third party, the analytics platform Mixpanel.
“It allows anyone [with] access to the Mixpanel access log, or the Mixpanel account owner (such as Near dev), to gain access to [the seed phrase of] everyone who clicks the link in the recovery email,” Hacxyk tweeted. “A possible scenario would be [that] Mixpanel owner’s account got compromised.”
Near said the issue was resolved on the day it was reported, the leaked information was removed, and it identified who may have had access to it. Hacxyk was also paid a bug bounty for detecting the breach. However, the security incident was apparently not revealed to the public until Hacxyk did so on Wednesday via Twitter.
Hacxyk went public this week because of the technical similarity between the Near breach and the Solana wallet hack. In the case of Solana, a mobile wallet called Slope had a vulnerability that enabled users’ private keys to be accessed by potential attackers.
Ultimately, nearly $6 million worth of cryptocurrency and tokens were swiped from more than 10,500 unique Solana wallets, according to updated data from blockchain explorer Solscan.
Near’s report states that its problem was handled before any damage was done to users’ wallets. “To date, we have found no indication of compromise relating to the accidental collection of this data, nor do we have reason to believe that this data persists anywhere,” Near’s post reads.
Nevertheless, Near recommends that any user who previously enabled the email or SMS recovery option rotate the keys attached to their wallet and disable the recovery option. Near is no longer allowing newly created wallets to use the email or SMS recovery option.
Meanwhile, Hacxyk recommended that anyone who previously selected the email recovery option transfer their assets to a new wallet, just to be safe.
The NEAR token is up about 15% over the past 24 hours at its current price of $5.13 per token, according to CoinGecko. The broader crypto market has grown only 2% during that period.