Security investigators disclosed a vulnerability in a Trust Wallet Chrome extension that allows mnemonic data to be decrypted with the password entered during wallet unlocking. The finding emphasizes that the encrypted mnemonic is decrypted using the user’s wallet unlock credentials. The disclosure highlights the risk of mnemonic exposure within browser extensions and could influence future security patches. The exact mechanism described is that ‘The encrypted mnemonic is then decrypted using the password or passkey entered during wallet unlock’.
Security researchers disclosed a vulnerability in the Trust Wallet Chrome extension that allows mnemonic data to be decrypted with the password entered during wallet unlocking. The finding shows that the encrypted mnemonic is decrypted using the user’s wallet unlock credentials, creating a potential exposure vector within browser extensions. This revelation underscores the security risks associated with browser-based wallets and could influence forthcoming patches. According to investigators, the encrypted mnemonic is decrypted using the password or passkey entered during wallet unlock.
This behavior exposes mnemonic data to attackers who obtain unlock credentials, underscoring the need for patches and stronger isolation in extensions. The disclosure emphasizes the importance of secure handling of sensitive wallet data within browser environments and may drive stricter security measures in future updates. Users should monitor updates from extension developers and consider additional security practices until patches are released. Keeping software up to date and enabling multi-factor authentication where possible can help mitigate the risk while patches are developed and rolled out.
Leave a Reply