HomeCoinsEthereum (ETH)NEAR Protocol discloses breach of email and SMS data tied to user...

NEAR Protocol discloses breach of email and SMS data tied to user wallets

- Advertisement -


NEAR Protocol, a Layer 1 blockchain, notified users that SMS and email data used as recovery options in its core wallet offering were leaked to a third party in June. In a new report, NEAR said the issue was resolved before any harm was done.

NEAR Protocol’s wallet offering at wallet.near.org allows users to add recovery options including email data or phone numbers to their crypto wallet accounts. A bug in the system accidentally exposed sensitive details to a third party.

NEAR said it was able to quickly address the situation by deleting access to the data from the third party or its own employees, preventing the breach from being a threat to funds security or privacy of users.

 “The wallet team immediately remediated the situation, scrubbed all sensitive data, and identified any personnel who could have had the ability to access this data,” the team said. 

The bug was reported on June 6 by a web3 security auditing firm called Hacxyk, which was paid a $50,000 bounty. Still, the NEAR Protocol team had not shared the information until now. 

Hacxyk told The Block that the third party was Mixpanel, an analytics service, which NEAR used. Hacxyk compared the incident to the ongoing Slope Wallet issue in which wallet details were accidentally transmitted to a centralized server. It added that in NEAR’s case, private keys may have been compromised as well.

“We believe the nature is very similar to the recent Slope wallet hack on Solana. In short, the seed phrases were unknowingly leaked to the third party Mixpanel, an analytics service, when users chose email/SMS as the seed phrase recovery method. This means users’ seed phrases are stored into Mixpanel’s server,” Hacxyk said.

As a security measure, the NEAR Protocol said it no longer allows users to create accounts using email or SMS for account recovery. It also advised users who had previously used email or SMS recovery options with their NEAR wallet to “rotate their keys” or add a hardware wallet, such as Ledger. 

Per Hacxyk, the wallet account model for NEAR wallets is slightly different from Ethereum. A crypto account can have multiple keysets with different permissions. By rotating private keys, NEAR is telling users to revoke the potentially leaked keysets, and add fresh ones to replace them.

A NEAR Protocol co-founder did not immediately respond to The Block’s request for comment.

© 2022 The Block Crypto, Inc. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.



Source link

- Advertisement -
Mr Bitcointe
Mr Bitcointehttps://www.bitcointe.com/
“Fact You Need To Know About Cryptocurrency - The first Bitcoin purchase was for pizza.” ― Mohsin Jameel
462FansLike
76FollowersFollow
4,567FollowersFollow
5,261FollowersFollow
1,580FollowersFollow
2,230SubscribersSubscribe

Most Popular

bitcoin
Bitcoin (BTC) $ 23,028.17
ethereum
Ethereum (ETH) $ 1,685.82
tether
Tether (USDT) $ 1.00
bitcoin-cash
Bitcoin Cash (BCH) $ 140.83
litecoin
Litecoin (LTC) $ 60.56
eos
EOS (EOS) $ 1.23
okb
OKB (OKB) $ 18.25
tezos
Tezos (XTZ) $ 1.87
leo-token
LEO Token (LEO) $ 4.98
cardano
Cardano (ADA) $ 0.516314
monero
Monero (XMR) $ 159.92
stellar
Stellar (XLM) $ 0.121457
chainlink
Chainlink (LINK) $ 7.75
huobi-token
Huobi (HT) $ 4.35
tron
TRON (TRX) $ 0.069703
usd-coin
USD Coin (USDC) $ 1.00
dash
Dash (DASH) $ 52.62
neo
NEO (NEO) $ 11.42
iota
IOTA (MIOTA) $ 0.343615
nem
NEM (XEM) $ 0.052067
zcash
Zcash (ZEC) $ 67.65
maker
Maker (MKR) $ 1,096.01
paxos-standard
Pax Dollar (USDP) $ 1.00
ethereum-classic
Ethereum Classic (ETC) $ 37.67
vechain
VeChain (VET) $ 0.03111
true-usd
TrueUSD (TUSD) $ 1.00
ftx-token
FTX (FTT) $ 30.30
kucoin-shares
KuCoin (KCS) $ 10.54
waves
Waves (WAVES) $ 6.06