Near Protocol Discloses Wallet Breach That May Have Exposed Private Keys
Blockchain network Near Protocol has disclosed a security breach that was discovered in June, which could have resulted in a third-party service gaining access to the seed phrases for user wallets.
Near shared a blog post on Thursday about the breach, which was reported to the team on June 6 by security firm Hacxyk. At the time, the platform let users set an email address or phone number as a recovery option for a Near Wallet, enabling them to regain access to a wallet via email or SMS.
However, the recovery system potentially exposed users’ seed phrases— the private keys used to recover access to a crypto wallet—in the process. According to a tweet thread from Hacxyk, using the email recovery option would leak the seed phrase to a specific third party, the analytics platform Mixpanel.
Back in June, we found a bug in @NEARProtocol wallet that was almost the same as the recent Solana wallet hack. When a Near wallet user chooses "email" as the seed phrase recovery method, the seed phrase is leaked to a third party site. — Hacxyk. (@Hacxyk) August 4, 2022
“This allows anyone with access to [the] Mixpanel access log, or the Mixpanel account owner (e.g. Near devs) to have access to everyone who has clicked the link in the recovery email,” Hacxyk tweeted. “A likely scenario would be [that] the Mixpanel owner’s account got compromised.”
Near said that it resolved the issue on the day it was reported, deleted the leaked information, and identified who might have had access to it. Hacxyk was also paid a bug bounty for discovering the breach. However, the security incident had apparently not been revealed to the public until Hacxyk did so on Wednesday via Twitter.
Hacxyk shared the Near breach because of its technical similarity to this week’s Solana wallet hack. In the case of Solana, a mobile wallet called Slope had a vulnerability that enabled users’ private keys to be accessed by potential attackers.
Ultimately, nearly $6 million worth of cryptocurrency and tokens was swiped from more than 10,500 unique Solana wallets, according to updated data from blockchain explorer Solscan.
Near reports that its issue was handled before any damage was done to users’ wallets. “To date, we have found no indicators of compromise related to the accidental collection of this data, nor do we have reason to believe this data persists anywhere,” Near’s post reads.
Still, Near recommends that any users who previously enabled the email or SMS recovery option rotate the keys attached to their wallet, as well as disable the recovery option. Near is no longer letting newly-created wallets use the email or SMS recovery option.
Hacxyk, meanwhile, recommends that anyone that previously selected the email recovery option transfer their assets to a new wallet, just to be safe.
The NEAR token is up nearly 15% over the last 24 hours at a current price of $5.13 per token, according to CoinGecko. The wider crypto market is only up about 2% during that span.Source