BitRss.com latest World Crypto News

Search and discover the latest Cryptocurrency updated Stories in Categories

24-7 World Cryptocurrency News about Blockchain, Technology and much more, only from Top Leading Sources

NEAR Protocol discloses breach of email and SMS data tied to user wallets

NEAR Protocol, a Layer 1 blockchain, notified users that SMS and email data used as recovery options in its core wallet offering were leaked to a third party in June. In a new blog post , NEAR said the issue was resolved before any harm was done.
NEAR Protocol’s wallet offering at wallet.near.org allows users to add recovery options including email data or phone numbers to their crypto wallet accounts. A bug in the system accidentally exposed sensitive details to a third party.
NEAR said it was able to quickly address the situation by deleting access to the data from the third party or its own employees, preventing the breach from being a threat to funds security or privacy of users.
 "The wallet team immediately remediated the situation, scrubbed all sensitive data, and identified any personnel who could have had the ability to access this data," the team said. 
The bug was reported on June 6 by an ethical hacking team called Hacxyk, which was paid a bounty. Still, the NEAR Protocol team had not shared the information until now. 
Hacxyk told The Block that the third party was Mixpanel, an analytics service, and compared the incident to an ongoing Slope Wallet issue in which details were accidentally transmitted to a centralized server. Hacxyk added that private keys may have been compromised as well.
"We believe the nature is very similar to the recent Slope wallet hack on Solana. In short, the seed phrases were unknowingly leaked to the third party Mixpanel, an analytics service, when users chose email/sms as the seed phrase recovery method. This means users’ seed phrases are stored into Mixpanel’s server," Hacxyk said.
As a security measure, the NEAR Protocol said it no longer allows users to create accounts using email or SMS for account recovery. It also advised users who had previously used email or SMS recovery options with their NEAR wallet to "rotate their keys" or add a hardware wallet, such as Ledger. 
Per Hacxyk, the wallet account model for NEAR wallets is slightly different from Ethereum. A crypto account can have multiple keysets with different permissions. By rotating private keys, NEAR is telling users to revoke the potentially leaked keysets, and add fresh ones to replace them.
A NEAR Protocol co-founder did not immediately respond to The Block's request for comment. © 2022 The Block Crypto, Inc. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

BitRss.com shares this Contents always with License.

Thank you for Share!

   
Tumblr
LinkedIn
Reddit
VK

WhatsApp
Telegram

Cool to know huh? Read the full Article

Read the full Article:  ⭲ NEAR Protocol discloses breach of email and SMS data tied to user wallets


Search about Crypto News


BITRSS | CRYPTOCURRENCY WORLD NEWS

The latest Top News, only from Leading exponents of BlockChain, Bitcoin and different Accredited Crypto Currency Sources.

Since 2015, our Mission was to Share, up-to-date, those News and Information we believe to represent in an Ethical and sincere manner the current Crypto Currencies World: everything you are looking for, in one place!

We have always tried to give priority to the News; for this reason we have designed BitRss.com simple and intuitive, usable by all Devices, fast and effective.


| LEARN MORE ABOUT |

Today Most Popular News



SneakPeek Script
Setup, Upload and Go!