Cryptocurrency wallet providers MetaMask and Phantom have issued advisories warning users regarding the novel Demonic flaw, which could be exploited to compromise their wallets' secret recovery phrases, or seeds, and facilitate the theft of all stored cryptocurrency and NFTs, BleepingComputer reports.
Threat actors could abuse the vulnerability, tracked as CVE-2022-32969, provided they have physical or remote access to targeted computers, or leverage a remote access trojan targeted at web browsers' feature for saving non-password input fields, according to Halborn, which discovered the bug last September.
MetaMask has already released a fix in wallet extension version 10.11.3, while the critical vulnerability was addressed by Phantom in April.
Demonic was also remediated in xDefi version 13.3.8, but Brave has yet to provide a statement regarding the flaw.
Individuals who may have been impacted by the bug are urged to transfer their assets to a new account. Disk encryption has also been recommended for users with substantial digital assets.
Malware, Risk Assessments/Management, Vulnerability Management
Cryptocurrency wallets at risk of new Demonic flaw
Share
Related Events
Related Terms
AdwareBritish Standard 7799BugBusiness Impact Analysis (BIA)Competitive IntelligenceData CustodianDisassemblyDue DiligenceRiskRisk AssessmentGet daily email updates
SC Media's daily must-read of the most current and pressing daily news