After this week’s Solana wallet hack saga, Near shares details of a potentially similar issue that it said was fixed back in June.

Near Protocol Discloses Wallet Breach That May Have Exposed Private Keys

In brief

  • Near Protocol disclosed this week that it discovered a wallet vulnerability in June that could have exposed users’ seed phrases.
  • The issue was reportedly fixed in June, but only revealed to the public this week.

Blockchain network Near Protocol has disclosed a security breach that was discovered in June, which could have resulted in a third-party service gaining access to the seed phrases for user wallets.

Near shared a blog post on Thursday about the breach, which was reported to the team on June 6 by security firm Hacxyk. At the time, the platform let users set an email address or phone number as a recovery option for a Near Wallet, enabling them to regain access to a wallet via email or SMS.

However, the recovery system potentially exposed users’ seed phrases—the private keys used to recover access to a crypto wallet—in the process. According to a tweet thread from Hacxyk, using the email recovery option would leak the seed phrase to a specific third party, the analytics platform Mixpanel.

Back in June, we found a bug in @NEARProtocol wallet that was almost the same as the recent Solana wallet hack. When a Near wallet user chooses “email” as the seed phrase recovery method, the seed phrase is leaked to a third party site. https://t.co/gHWhmxE3Sm pic.twitter.com/MK31xUeAeL

— Hacxyk. (@Hacxyk) August 4, 2022

“This allows anyone with access to [the] Mixpanel access log, or the Mixpanel account owner (e.g. Near devs) to have access to everyone who has clicked the link in the recovery email,” Hacxyk tweeted. “A likely scenario would be [that] the Mixpanel owner’s account got compromised.”
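One way to keep a seed phrase out of a third-party analytics service is to scrub every event in the browser before it is sent. The sketch below is an added example, not Near's or Mixpanel's code. It assumes the recovery link carries the phrase in its URL and that the analytics client reports page URLs (the article does not spell out the mechanism); the route pattern, event shape and sample phrase are constructed.

```javascript
// Added example, not Near's or Mixpanel's code. Route pattern, event shape
// and sample values are constructed assumptions.
const RECOVERY_ROUTES = [/^\/recover-account(\/|$)/]; // hypothetical route

// Heuristic: 12+ short lowercase words joined by space, '-', '+', '_', ',' or '/'.
// It fails closed: ordinary long lowercase sentences are redacted too.
const MNEMONIC_RUN = /\b[a-z]{3,8}(?:[\s\-+_,\/]+[a-z]{3,8}){11,}\b/g;

function redactString(value) {
  let decoded = value;
  try { decoded = decodeURIComponent(value); } catch { /* malformed escapes: keep raw */ }
  return decoded.replace(MNEMONIC_RUN, "[REDACTED_MNEMONIC]");
}

function scrubUrl(raw) {
  let url;
  try { url = new URL(raw); } catch { return redactString(raw); }
  // On recovery pages nothing after the origin is safe to report.
  if (RECOVERY_ROUTES.some((re) => re.test(url.pathname))) {
    return `${url.origin}/[REDACTED_RECOVERY_URL]`;
  }
  return redactString(url.origin + url.pathname + url.search + url.hash);
}

// Walk an analytics event recursively and scrub every string in it.
function scrubEvent(value) {
  if (typeof value === "string") {
    return /^https?:\/\//i.test(value) ? scrubUrl(value) : redactString(value);
  }
  if (Array.isArray(value)) return value.map(scrubEvent);
  if (value && typeof value === "object") {
    return Object.fromEntries(Object.entries(value).map(([k, v]) => [k, scrubEvent(v)]));
  }
  return value;
}

// Constructed 12-word phrase; not a real wallet.
const PHRASE = "alpha bravo candy delta eagle fable giant hotel index joker koala lemon";
const sampleEvent = {
  event: "page_view",
  properties: {
    current_url: `https://wallet.example/recover-account/alice/${encodeURIComponent(PHRASE)}`,
    referrer: `https://wallet.example/home#${PHRASE.replace(/ /g, "-")}`,
    note: `user pasted: ${PHRASE}`,
    count: 3,
  },
};
console.log(JSON.stringify(scrubEvent(sampleEvent), null, 2));
```

A scrubber like this is a backstop; the stronger fix is to load no third-party scripts on pages that handle key material.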

Near said that it resolved the issue on the day it was reported, deleted the leaked information, and identified who might have had access to it. Hacxyk was also paid a bug bounty for discovering the breach. However, the security incident had apparently not been revealed to the public until Hacxyk did so on Wednesday via Twitter.

Hacxyk shared the Near breach because of its technical similarity to this week’s Solana wallet hack. In the case of Solana, a mobile wallet called Slope had a vulnerability that enabled users’ private keys to be accessed by potential attackers.

Ultimately, nearly $6 million worth of cryptocurrency and tokens was swiped from more than 10,500 unique Solana wallets, according to updated data from blockchain explorer Solscan.

Near reports that its issue was handled before any damage was done to users’ wallets. “To date, we have found no indicators of compromise related to the accidental collection of this data, nor do we have reason to believe this data persists anywhere,” Near’s post reads.

Still, Near recommends that any users who previously enabled the email or SMS recovery option rotate the keys attached to their wallet, as well as disable the recovery option. Near is no longer letting newly created wallets use the email or SMS recovery option.

Hacxyk, meanwhile, recommends that anyone who previously selected the email recovery option transfer their assets to a new wallet, just to be safe.

The NEAR token is up nearly 15% over the last 24 hours at a current price of $5.13 per token, according to CoinGecko. The wider crypto market is only up about 2% during that span.
