TechFlow news, according to CoinDesk, at least 10 browser extension wallets including MetaMask and Phantom may have exposed users' login information due to an issue in JavaScript. The vulnerability could allow mnemonic phrases to remain stored in memory for a period of time, making them exploitable by attackers. MetaMask and Phantom have both patched the vulnerability.
MetaMask stated that compromise is only possible if all three conditions are met: the hard drive is unencrypted, the mnemonic phrase was imported into an untrusted or compromised device, and the "Show Secret Recovery Phrase" feature was used during import.
Additionally, Halborn received a $50,000 bug bounty for disclosing the vulnerability and recommended users switch to new wallet addresses. Steve Walbroehl, co-founder of Halborn, said the vulnerability has existed for a long time and out of caution, it's best to change wallet addresses.




