Cryptocurrency wallets at risk of new Demonic flaw

Cryptocurrency wallet providers MetaMask and Phantom have issued advisories warning users about the novel Demonic flaw, which could be exploited to compromise their wallets' secret recovery phrases, or seeds, and facilitate the theft of all stored cryptocurrency and NFTs, BleepingComputer reports. Threat actors could abuse the vulnerability, tracked as CVE-2022-32969, provided they have physical or remote access to targeted computers, or use a remote access trojan that targets the web browser feature for saving non-password input fields, according to Halborn, which discovered the bug last September. MetaMask has already released a fix in wallet extension version 10.11.3, while Phantom addressed the critical vulnerability in April. Demonic was also remediated in xDefi version 13.3.8, but Brave has yet to provide a statement regarding the flaw. Individuals who may have been impacted by the bug are urged to transfer their assets to a new account. Disk encryption has also been recommended for users with substantial digital assets.
