‘Demonic’ Threat Looms Large Over Crypto Wallets, Metamask and Phantom Deploy Security Patches

If Demonic was to latch on-to a crypto wallet, it could lead to the wallet’s hostile takeover.

By Radhika Parashar | Updated: 17 June 2022 15:10 IST

‘Demonic’ Threat Looms Large Over Crypto Wallets, Metamask and Phantom Deploy Security Patches

Photo Credit: Reuters

People who use crypto wallets via browsers must migrate to a new set of accounts

Highlights

The vulnerability has been in existence since 2021
Discussions have opened around it to make people aware
Brave and other affected wallets yet to release statement

A cyber vulnerability, codenamed ‘Demonic', has been risking the networks of crypto wallets like Metamask, Brave, and Phantom. The threat, that was discovered last year, is now being addressed publicly to make people aware and limit any damage that may be caused to them. If Demonic was to latch on-to a crypto wallet, it could lead to the wallet's hostile takeover. This issue is known to impact those people who access their crypto wallets via unencrypted desktop browsers.

Blockchain security firm Halborn has informed the affected wallet providers about the issue, while suggesting the deployment of a quick security update.

⚠Halborn Receives Major Security Bounty from @MetaMask for Critical Discovery⚠
We disclosed a critical vulnerability affecting @MetaMask, @Brave, @Phantom, @xdefi_wallet, and other browser based crypto wallets - A short :thread: on the vulnerability and how to protect :closed_lock_with_key: yourselves:
— Halborn (@HalbornSecurity) June 15, 2022

Soon after, Metamask published a blog on Medium informing users that the vulnerability has been fixed.

“Security researchers at Halborn have disclosed an instance where a Secret Recovery Phrase used by web-based wallets like MetaMask could be extracted from the disk of a compromised computer under some conditions. We have since implemented mitigations for these issues, so these should not be problems for users of the MetaMask Extension versions 10.11.3 and later,” the post read.

Elon Musk Sued for $258 Billion Over Alleged Dogecoin Pyramid Scheme

The Demonic was not just active on Windows and macOS browsers, but was also functional on Linux, Google Chrome, Chromuim, and Firefox browsers.

In its blog Metamask explained that the vulnerability is most likely to affect users who had a device compromised or stolen soon after importing their Secret Recovery Phrase into the servers of their crypto wallet providers.

Phantom, the Solana-based DeFi and NFT wallet also issued a statement acknowledging that Demonic was a potential issue, which the company claims, has now been tackled.

Bitcoin Rallies Past $22,000 as US Federal Reserve Ups Interest Rate

“After some investigation and an official audit, fixes began rolling out in January 2022 and by April, Phantom users became protected from this critical vulnerability. An even more exhaustive patch is rolling out next week that we believe will make Phantom's browser extension the safest from this vulnerability in the industry,” the company wrote in a post.

1/ As of April 2022, Phantom users are protected from the "Demonic" critical vulnerability in crypto browser extensions.

Another exhaustive patch is rolling out next week that we believe will make @Phantom the safest from "Demonic" in the industry. https://t.co/bKE1olpzng
— Phantom (@phantom) June 15, 2022

Halborn recommends people who use crypto wallets via browsers to migrate to a new set of accounts as soon as possible.

“Rotating passwords/keys and the use of a hardware wallet in conjunction with the browser-based wallet can also provide increased security for users. Enabling local disk encryption is another best practice which mitigates this issue,” the security research firm added.

For now, details on how many wallets have been affected by Demonic remains unknown.

So far in 2022, cyber criminals have stolen $1.7 billion (roughly Rs. 13,210 crore) in digital assets with Decentralised Finance (DeFi) protocols accounting for 97 percent of the total, a report by Chainalysis had recently claimed.

The $600 million (roughly Rs. 4,660 crore) Ronin bridge breach in late March and the $320 million (roughly Rs. 2,486 crore) Wormhole attack in February were the main sources of the loot.

Missed Apple's WWDC 2022? We discuss every major announcement on Orbital, the Gadgets 360 podcast. Orbital is available on Spotify, Gaana, JioSaavn, Google Podcasts, Apple Podcasts, Amazon Music and wherever you get your podcasts.

Affiliate links may be automatically generated - see our ethics statement for details.

Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Further reading: Cryptocurrency, Metamask, Phantom, Crypto Wallet, Demonic

Radhika Parashar

Email Radhika

Radhika Parashar is a senior correspondent for Gadgets 360. She has been reporting on tech and telecom for the last three years now and will be focussing on writing about all things crypto. Besides this, she is a major sitcom nerd and often replies in Chandler Bing and Michael Scott references. For tips or queries you could reach out to her at RadhikaP@ndtv.com. More