1. Home
  2. Recovery Phrase

Recovery Phrase

Coinbase Launches Wallet-as-a-Service to Bring Millions to Web3

Coinbase Launches Wallet-as-a-Service to Bring Millions to Web3On March 8, Coinbase announced the launch of its Wallet-as-a-Service (WaaS) product. The WaaS product aims to “bring the next hundred million consumers into Web3 through a seamless wallet-onboarding experience.” The Coinbase WaaS offers wallet infrastructure application programming interfaces (APIs) to companies, enabling them to build their own custom Web3 crypto wallets. Coinbase’s Wallet-as-a-Service Aims […]

Bitcoin Bull Market May Drive Russian Miners Underground

MetaMask warns of security vulnerability from older versions of popular crypto wallet

"Ultimately, we've learned that our password encryption feature's security was partially undermined by browser behavior," said the team at MetaMask.

On Wednesday, MetaMask said that it uncovered a critical security vulnerability in older versions of its crypto wallet with the help of security researchers at Halborn. The security firm was awarded a bounty of $50,000 for the discovery. 

For users of the MetaMask extension before version 10.11.3, three necessary conditions would have led to the potential vulnerability. They are: 1) an unencrypted hard drive, 2) having imported a secret recovery phrase into a MetaMask extension on a device that was compromised, stolen, or has unauthorized access, and 3) having used the "Show Secret Recovery Phrase" checkbox to view one's secret recovery phrase on-screen during the import process.

"We've only found that the Secret Recovery Phrase could be extracted under very specific circumstances, and we've been able to introduce new protections over the period that Halborn has waited to disclose."

Apparently, the exploit affects all browser versions of MetaMask wallet versions prior to the 10.11.3 update, and all operating systems if all three circumstances were met, but not mobile versions.

MetaMask is warning affected users to migrate their funds from their compromised wallets. However, keep in mind that all three conditions need to have been met for the vulnerability to be active on older versions of MetaMask.

Bitcoin Bull Market May Drive Russian Miners Underground