Amid troubles with some user wallets due to a vulnerability, METAMASK explained the issue is not as big as perceived. According to security researchers at Halborn, a blockchain security firm, the bug affects a small segment of users. The affected users are found across many browser-based wallets including MetaMask.
Importantly, the vulnerability that makes it possible to extract the Secret Recovery Phrase is said to be resolved eventually. However, the MetaMask team said they can not make guarantees about a specific timeline. Also, the bug does not affect MetaMask Mobile.
Vulnerability Affects Small Segment Of Wallets
Researchers said the Metamask security threat caused in rare edge cases was fixed for MetaMask Extension versions 10.11.3 and later. Dan Finlay, a developer working on MetaMask, said the bug impacts a small segment of MetaMask Extension users as well as users of other browser/extension wallets.
The researchers explained that users could be at risk if three conditions apply to the individual wallets. If the user’s hard drive is unencrypted and the user imported Secret Recovery Phrase into a MetaMask extension on a different device, besides one more condition, the user is at risk. Another condition is that at the same time, the user used the ‘Show Secret Recovery Phrase’ checkbox to view the Phrase on-screen.
“This vulnerability is most likely to affect users who had a device compromised after importing Secret Recovery Phrase into MetaMask.”
