Lucene search
K

18 matches found

The Hacker News
The Hacker News
added 6 days ago11 views

Attackers Exploit 'Ill Bloom' Vulnerability to Drain Over $5 Million From Cryptocurrency Wallets

Security firm Coinspect has disclosed a crypto wallet flaw it calls Ill Bloom , and attackers are already using it. The flaw is in how some wallet software generated its recovery phrase, the words that control the money. When that phrase is made with weak randomness, an attacker can work it out a...

6.1AI score
Exploits0
Securelist
Securelist
added 2026/04/20 9:1 a.m.8 views

FakeWallet crypto stealer spreading through iOS apps in the App Store

In March 2026, we uncovered more than twenty phishing apps in the Apple App Store masquerading as popular crypto wallets. Once launched, these apps redirect users to browser pages designed to look similar to the App Store and distributing trojanized versions of legitimate wallets. The infected ap...

5.8AI score
Exploits0
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-36035

Malicious code in bioql PyPI...

5.9CVSS6.1AI score0.01448EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/22 10:30 p.m.9 views

CVE-2022-32969

MetaMask before 10.11.3 might allow an attacker to access a user's secret recovery phrase because an input field is used for a BIP39 mnemonic, and Firefox and Chromium save such fields to disk in order to support the Restore Session feature, aka the Demonic issue...

5.9CVSS6.8AI score0.01448EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2024/09/09 8:50 a.m.18 views

New Android SpyAgent Malware Uses OCR to Steal Crypto Wallet Recovery Keys

Android device users in South Korea have emerged as a target of a new mobile malware campaign that delivers a new type of threat dubbed SpyAgent. The malware "targets mnemonic keys by scanning for images on your device that might contain them," McAfee Labs researcher SangRyol Ryu said in an...

6.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/09/27 1:15 p.m.15 views

Xenomorph hunts cryptocurrency logins on Android

Cryptocurrency owners should take heed of warnings related to Xenomorph malware--Bleeping Computer reports that the most recent version of Xenomorph now targets various cryptocurrency wallets using fake browser update messaging as bait. Xenomorph is roughly a year old, first springing to prominen...

7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/09/21 1:0 a.m.30 views

Steer clear of cryptocurrency recovery phrase scams

The dangers of cryptocurrency phishing are back in the news, after tech investor Mark Cuban was reported to have lost around $870k via a phishing link. Cuban lost a combination of coin types as asset movement flagged up after months of inactivity from his wallet. Cuban discovered some of the...

6.9AI score
Exploits0
NVD
NVD
added 2023/08/25 8:15 p.m.25 views

CVE-2023-40580

Freighter is a Stellar chrome extension. It may be possible for a malicious website to access the recovery mnemonic phrase when the Freighter wallet is unlocked. This vulnerability impacts access control to the mnemonic recovery phrase. This issue was patched in version 5.3.1...

8.1CVSS8AI score0.00564EPSS
Exploits0References3
Cvelist
Cvelist
added 2023/08/25 7:51 p.m.27 views

CVE-2023-40580 Freighter mnemonic phrase may be accessed by Javascript through a private API

Freighter is a Stellar chrome extension. It may be possible for a malicious website to access the recovery mnemonic phrase when the Freighter wallet is unlocked. This vulnerability impacts access control to the mnemonic recovery phrase. This issue was patched in version 5.3.1...

8.1CVSS8.2AI score0.00564EPSS
Exploits0References3
OSV
OSV
added 2023/08/25 7:51 p.m.17 views

CVE-2023-40580 Freighter mnemonic phrase may be accessed by Javascript through a private API

Freighter is a Stellar chrome extension. It may be possible for a malicious website to access the recovery mnemonic phrase when the Freighter wallet is unlocked. This vulnerability impacts access control to the mnemonic recovery phrase. This issue was patched in version 5.3.1...

8.1CVSS6.4AI score0.00564EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/08/25 12:0 a.m.7 views

PT-2023-27518 · Freighter · Freighter

Name of the Vulnerable Software and Affected Versions: Freighter versions prior to 5.3.1 Description: The issue impacts access control to the mnemonic recovery phrase, potentially allowing a malicious website to access the recovery mnemonic phrase when the Freighter wallet is unlocked...

8.1CVSS7.2AI score0.00564EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2022/06/29 3:15 p.m.4 views

CVE-2022-32969

MetaMask before 10.11.3 might allow an attacker to access a user's secret recovery phrase because an input field is used for a BIP39 mnemonic, and Firefox and Chromium save such fields to disk in order to support the Restore Session feature, aka the Demonic issue...

5.9CVSS5.8AI score0.01448EPSS
Exploits0References4
Prion
Prion
added 2022/06/29 3:15 p.m.20 views

Design/Logic Flaw

MetaMask before 10.11.3 might allow an attacker to access a user's secret recovery phrase because an input field is used for a BIP39 mnemonic, and Firefox and Chromium save such fields to disk in order to support the Restore Session feature, aka the Demonic issue...

4.3CVSS5.7AI score0.01448EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2022/06/29 2:37 p.m.18 views

CVE-2022-32969

MetaMask before 10.11.3 might allow an attacker to access a user's secret recovery phrase because an input field is used for a BIP39 mnemonic, and Firefox and Chromium save such fields to disk in order to support the Restore Session feature, aka the Demonic issue...

5.9CVSS6.8AI score0.01448EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/06/29 12:0 a.m.3 views

MetaMask 安全漏洞

MetaMask is a crypto wallet and gateway for blockchain applications in the MetaMask community. A security vulnerability exists in versions prior to MetaMask 10.11.3, which can be exploited by an attacker to access a user's secret recovery phrase...

5.9CVSS6AI score0.01448EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2022/06/19 12:0 a.m.10 views

PT-2022-3323 · Metamask +2 · Metamask +2

Name of the Vulnerable Software and Affected Versions: MetaMask versions prior to 10.11.3 Description: The issue is related to the storage of confidential information in unencrypted form, allowing an attacker to access a user's secret recovery phrase. This is due to the use of an input field for ...

7.2CVSS5.5AI score0.01448EPSS
Exploits0References11
Malwarebytes
Malwarebytes
added 2022/04/08 11:3 a.m.23 views

Don’t enter your recovery phrase! Phishers target Ledger crypto-wallet users

Ledger is one of the biggest hardware cryptocurrency wallets around and scammers have noticed. Phishing mails are in circulation, hoping to snag Ledger users with a sneaky request for passphrases. What is a Ledger recovery phrase? A recovery phrase is an incredibly important combination of words...

7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/04/28 5:38 p.m.51 views

Bitcoin scammers phish for wallet recovery codes on Twitter

Were no strangers to the Twitter customer support DM slide scam. This is where someone watches an organisation perform customer support on Twitter, and injects themselves into the conversation at opportune moments hoping potential victims don’t notice. This is aided by imitation accounts modelled...

7.1AI score
Exploits0
Rows per page
Query Builder