Security News > 2022 > June > MetaMask, Phantom warn of flaw that could steal your crypto wallets
MetaMask and Phantom are warning of a new 'Demonic' vulnerability that could expose a crypto wallet's secret recovery phrase, allowing attackers to steal NFTs and cryptocurrency stored within it.
Anyone who gains access to a wallet's recovery phrase can import the wallet onto their own devices, allowing them to steal all the cryptocurrency and NFTS stored within it.
The 'Demonic' vulnerability was discovered by Halborn, an organization devoted to blockchain cybersecurity, who found the flaw in September 2021 and reported it to wallet vendors for remediation.
An attacker, or malware, with access to the computer, could then steal the seed and import the wallet on their own devices.
Metamask fixed the problem with wallet extension version 10.11.3, xDefi addressed 'Demonic' in version 13.3.8, and Phantom plugged the critical flaw in April 2022.
The most secure wallet remains a cold wallet, so this is still the best choice for cryptocurrency holders and digital investors who are willing to live with the drawbacks.