MetaMask warns of security vulnerability from older versions of popular crypto wallet
On Wednesday, MetaMask said that it uncovered a critical security vulnerability in older versions of its crypto wallet with the help of security researchers at Halborn. The security firm was awarded a bounty of $50,000 for the discovery.
For users of the MetaMask extension before version 10.11.3, three necessary conditions would have led to the potential vulnerability. They are: (1) an unencrypted hard drive, (2) having imported a secret recovery phrase into a MetaMask extension on a device that was compromised, stolen, or has unauthorized access, and (3) having used the "Show Secret Recovery Phrase" checkbox to view one's secret recovery phrase on-screen during the import process.
Apparently, the exploit affects all browser versions of MetaMask wallet versions prior to the 10.11.3 update, and all operating systems if all three circumstances were met, but not mobile versions.
MetaMask is warning affected users to migrate their funds from their compromised wallets. However, keep in mind that all three conditions need to have been met for the vulnerability to be active on older versions of MetaMask.
Read more on cointelegraph.com
