‘Demonic’ Threat Looms Large Over Crypto Wallets, Metamask and Phantom Deploy Security Patches

A cyber vulnerability, codenamed ‘Demonic’, has been risking the networks of crypto wallets like Metamask, Brave, and Phantom. The threat discovered last year is now being addressed publicly to make people aware and limit any damage that may be caused to them. If Demonic were to latch on to a crypto wallet, it could lead to its hostile takeover. This issue is known to impact those people who access their crypto wallets via unencrypted desktop browsers.

Blockchain security firm Halborn informed the affected wallet providers about the issue while suggesting a quick deployment of security updates.

⚠Holborn Receives Major Security Bounty from @MetaMask for Critical Discovery⚠We disclosed a critical vulnerability affecting @MetaMask, @Brave, @Phantom, @xdefi_wallet, and other browser-based crypto wallets – A short :thread: on the exposure and how to protect :closed_lock_with_key: yourselves:

— Halborn (@HalbornSecurity) June 15, 2022

Soon after, Metamask published a blog on Medium informing users that the vulnerability had been fixed.

“Security researchers at Holborn have disclosed an instance where a Secret Recovery Phrase used by web-based wallets like MetaMask could be extracted from the disk of a compromised computer under some conditions. We have since implemented mitigations for these issues, so these should not be problems for users of the MetaMask Extension versions 10.11.3 and later,” the post read.

The Demonic was active on Windows and macOS browsers and functional on Linux, Google Chrome, Chromium, and Firefox browsers.

In its blog, Metamask explained that the vulnerability is most likely to affect users who had a device compromised or stolen soon after importing their Secret Recovery Phrase into the servers of their crypto wallet providers.

Crypto Wallets

Phantom, the Solana-based DeFi and NFT wallet, also issued a statement acknowledging that the company claims Demonic was a potential issue, which has now been tackled.

“After some investigation and an official audit, fixes began rolling out in January 2022, and by April, Phantom users became protected from this critical vulnerability. An even more exhaustive patch is rolling out next week that we believe will make Phantom’s browser extension the safest from this vulnerability in the industry,” the company wrote in a post.

1/ As of April 2022, Phantom users are protected from the “Demonic” critical vulnerability in crypto browser extensions.

Another exhaustive patch that we believe will make @Phantom the safest from “Demonic” in the industry is rolling out next week. https://t.co/bKE1olpzng

— Phantom (@phantom) June 15, 2022

Holborn recommends people who use crypto wallets via browsers migrate to a new set of accounts as soon as possible.

“Rotating passwords/keys and using a hardware wallet in conjunction with the browser-based wallet can also increase users’ security. Enabling local disk encryption is another best practice that mitigates this issue,” the security research firm added.

For now, details on how many wallets have been affected by Demonic remains unknown.

So far in 2022, cybercriminals have stolen $1.7 billion (roughly Rs. 13,210 crore) in digital assets, with Decentralised Finance (DeFi) protocols accounting for 97 percent of the total, a report by Chainalysis recently claimed.

The $600 million (roughly Rs. 4,660 crores) Ronin bridge breach in late March and the $320 million (roughly Rs. 2,486 crores) Wormhole attack in February were the main sources of the loot.

Bella E. McMahon
I am a freelance writer who started blogging in college. I am fascinated by human nature, politics, culture, technology, and pop culture. In addition to my writing, I enjoy exploring new places, trying out new things, and engaging in conversations with new people. Some of my favorite hobbies are reading, playing music, making crafts, writing, traveling, and spending time with my family.