Hackxyk experts involved in auditing smart contracts have reported a vulnerability that could lead to the leaking of core phrases of NEAR Wallet wallet users.

We found a bug in June @NEARProtokol Wallet almost identical to the last Solana wallet hack. When a Near wallet user chooses “email” as the core word recovery method, the core word is leaked to a third-party site. https://t.co/gHWhmxE3Sm pic.twitter.com/MK31xUeAeL

— Hackxyk. (@Hacxyk) August 4, 2022

According to experts, wallet owners who choose email as a way to recover the secret may be at risk.

Hackxyk noted that with such a request, the seed phrase is sent directly to the user’s mail, compromising its security as it’s already accessible to mail services.

Experts have found that clicking the link sends the user’s data to a third party – the Mixpanel business intelligence service. At the same time, the request itself contained a seed phrase.

The bug was discovered in June and has already been fixed. Hackxyk advised all NEAR Wallet users who chose email as their recovery method to transfer their assets to a new wallet and update their starting sentence.

Analysts said that the discovered bug is very similar to the bug that can be used when hacking Solana-based wallets.

The Solana team had previously linked the incident to wallet provider Slope. Some experts noted that Slope was able to store user seed words on its central servers, which were later captured by the attackers.

Research firm OtterSec later confirmed that the Slope mobile app sends seed phrases to a central Sentry server, where they are stored unencrypted.

We have independently verified that Slope’s mobile app sends reminders via TLS to the central Sentry server.

These mnemonics are then stored in plain text, meaning anyone with access to Sentry can access their user private keys. pic.twitter.com/PkCFTeQgOP

— OtterSec (@osec_io) August 4, 2022

The server contained data for approximately 1,400 addresses affected by the exploit. At the same time, more than 5,300 private keys in Sentry have not yet been affected. Most of these addresses contain tokens. Experts strongly recommended the transfer of funds.

In Slow Fog registeredHe said the Phantom wallet team also uses Sentry. However, analysts have yet to find any evidence that secret statements from app users are stored on the server.

Researchers have confirmed that imToken and Sender wallets were not affected by the Sentry leak.

Our investigation concluded that: @imTokenOfficial Unaffected by the recent data leak involving Sentry. @SenderWallet & @Coin98 Wallets were also unaffected as they did not use Sentry services.

Specific versions may be shown for Android, iOS and Chrome extension👇 pic.twitter.com/roGMW0rw9D

— SlowMist (@SlowMist_Team) August 4, 2022

Recall that during the attack, hackers pulled millions of dollars from around 8,000 Solana-based wallets.

Read what the seed phrase is on ForkLog cards and what the difference is between custodial and non-custodial wallets.

Read ForkLog bitcoin news in our Telegram – cryptocurrency news, courses and analysis.