NEAR Protocol discloses SMS And Email Data Breach Tied to Users Wallets

August 8, 2022

MCP News Free

NEAR Protocol discloses SMS And Email Data Breach Tied to Users Wallets

A Layer 1 blockchain, NEAR Protocol, has recently informed its users of a recent compromise in the email data related to its customers, an issue that was fixed before it leads to any damages.

Apart from sharing free trading signals on MyCryptoParadise channels, the Paradise Team through our ParadiseFamilyVIP dispenses life-changing information and education to our ParadiseFamilyVIP on Binance (Spot&Futures), Kucoin, Bybit and Bitmex which we strongly recommend for our BTC and ETH exclusive trading.

We share our personal trading signals with little or no effort required from our clients, in fact, you don’t need to be an expert, we will walk you through the process of winning trades. Isn’t that sexy?

Use PRO20% for your special 20% discount today as the promo expires soon. Click here to see reviews.

NEAR Protocol Discloses Critical Wallet Breach

In June, the SMS and email data used as a recovery option by customers in NEAR protocol’s wallet was breached according to the information disclosed by NEAR to its users recently.

NEAR’s clients can add recovery options like phone numbers or email addresses to their cryptocurrency wallets, a bug in the system however exposed some sensitive details to a third party.

According to NEAR, it was able to address the event swiftly by removing every access to data from its workers and third party, preventing the breach from being a threat to funds security or privacy of users.

“The wallet team immediately remediated the situation, scrubbed all sensitive data, and identified any personnel who could have had the ability to access this data,” said the team.

On June 6, the bug was reported by Hacxyk, an ethical hacking team.

Back in June, we found a bug in @NEARProtocol wallet that was almost the same as the recent Solana wallet hack. When a Near wallet user chooses "email" as the seed phrase recovery method, the seed phrase is leaked to a third party site. https://t.co/gHWhmxE3Sm pic.twitter.com/MK31xUeAeL
— HACxyk. (@Hacxyk) August 4, 2022

The third party was Mixpanel, according to Hacxyk an analytics service, and compared the incident to an ongoing Slope Wallet issue in which details were accidentally transmitted to a centralized server. Hacxyk added that private keys may have been compromised as well.

“We believe the nature is very similar to the recent Slope wallet hack on Solana. In short, the seed phrases were unknowingly leaked to the third party Mixpanel, an analytics service, when users chose email/sms as the seed phrase recovery method. This means users’ seed phrases are stored into Mixpanel’s server,” Hacxyk said.

To be proactive against subsequent occurrences, NEAR Protocol will neither allow signing up with emails nor allow the use of SMS for accounts recovery henceforth.

NEAR however informed users who have used emails or SMS for accounts recovery option with their NEAR wallets to “rotate their keys” or add a hardware wallet, such as Ledger.

Join our telegram channels where we share our FREE updates and analysis on coins like BTC, ETH, and other trending altcoins. We also share our FREE secret insights. And also FREE market updates.