Near Protocol Discloses Critical Wallet Vulnerability…

Following the attack on Solana, Near Protocol has officially disclosed details of a similar issue, which it claims has been addressed and resolved in early June. The security breach involved a third-party threat actor that gained unauthorized access to the seed phrase of their users’ wallets.

According to Neil, Hacxyk reported the violation to their team, a security company working in the Web3 space.One Hacxyk’s Twitter thread Details how the protocol’s email recovery process was exploited to leak users’ seed phrases to analytics platform Mixpanel.

Such a process “allows anyone with access to [the] Mixpanel access logs or Mixpanel account owners (such as Near developers) have access to everyone who clicks the link in the recovery email,” Hacxyk explained. Also, once a Mixpanel user’s account is stolen or entered into a hacking program as the first instance , this scene is also set.

Near Protocol said it fixed the issue the same day Hacxyk reported it, and the security firm received a bug bounty for the discovery. It wasn’t until the security firm publicly disclosed it on Twitter that Near Protocol admitted that such a breach did occur.

“To date, we have found no signs of compromise related to the accidental collection of this data, and we have no reason to believe that this data will persist anywhere,” Near Protocol said.

News of the hack comes on the heels of a recent attack on the crypto infrastructure network Solana, in which more than 5,000 wallets were initially compromised, bringing the total to nearly 10,500 after analysis. According to Near Protocol, the user’s mnemonic is exposed in a similar process. In Solana’s case, approximately $6 million worth of cryptocurrency was stolen. So far, it is unclear if any cryptocurrencies were used in the Near Protocol hack.

Currently, Near Protocol has advised all its users to generate new mnemonics and create new wallets as a primary security measure. The team is also auditing its email service partners and has put in place “enhanced security measures” to prevent such breaches from happening again.

Disclaimer: This article is for informational purposes only. It is not intended or intended to be used as legal, tax, investment, financial or other advice.

Source link

Leave a Reply

Your email address will not be published.