February 7, 2023

After the attacks on Solana, Near Protocol released an official disclosure of details in a similar case, which it claimed was addressed and resolved earlier in June. The security breach involves a threatening third party, which has gained unauthorized access to the raw statements of their user wallets.

According to Nir, the The breach was reported to their team by Hacxyk, a security company operating in the Web3 space. a Twitter theme by Hacxyk It details how the protocol’s email recovery process was exploited to leak raw user phrases to Mixpanel, an analytics platform.

Such a process ‘allows anyone with access to [the] Hacxyk explains: Sign up for Mixpanel, or the owner of the Mixpanel account (such as nearby developers) to get access to everyone who clicked the link in the recovery email. Moreover, this scenario is also prepared once Mixpanel user account is hacked as initial example or step in hacking procedure.

Near Protocol said it fixed the issue the same day Hacxyk reported, with the security company receiving a bug bounty for discovering the breach. Only until the security company publicly disclosed it on Twitter did the Near Protocol acknowledge that such a breach had occurred.

“So far, we have not found any indications of a compromise regarding the accidental collection of this data, and we have no reason to believe that this data is still present anywhere,” Near Protocol stated.

The news of the hack is closely following in the wake of the recent attack on Solana’s crypto infrastructure network, in which more than 5,000 wallets were hacked, initially, with a total of close to 10,500 after analysis. The Near Protocol says user seed phrases were exposed in a similar procedure. In Solana’s case, nearly $6 million worth of cryptocurrency has been hacked and stolen. So far, it is not clear if any cryptocurrency was taken in the Near Protocol hack.

Currently, Near Protocol has advised all its users to create new seed gates and create new wallets as a first security measure. The team also conducts an audit of its email service partners and has put in place “enhanced security measures” to prevent such a breach from happening again.

Disclaimer: This article is provided for informational purposes only. It is not provided or intended to be used as legal, tax, investment, financial or other advice.

Source link

Leave a Reply

Your email address will not be published. Required fields are marked *