The NEAR Protocol detects the leakage of email and SMS data associated with user wallets

There has been another data breach involving cryptocurrency protocols. This time, the target was email and SMS data associated with Near Protocol (NEAR) user wallets.

It was revealed by the company in contribution on her blog. The company announced that the NEAR Wallet team received a bug report that indicated third parties had access to confidential user information.

Another data breach – the analytics platform had access to seed phrases

The NEAR Protocol wallet at wallet.near.org allows users to add account recovery options. This includes, for example, e-mail details or telephone numbers for collecting SMS. According to the post, the issue was resolved the same day.

"While the team was aware of this threat and carefully cleaned the data held by the third-party service, the code change resulted in the collection of sensitive data for some users using email or SMS recovery in their wallets," the NEAR team wrote.

Despite this, the team announced that ethical hackers from Hacxyk had uncovered the problem and sent their findings to the NEAR security team. According to protocol, hackers were rewarded for reporting.

So the team at NEAR Wallet fixed the situation, cleaned all the data and identified the people who had access to that data.

"To date, we have no reason to believe that this data persists anywhere," the team said.

Finally, the NEAR post states that despite this, it will no longer allow users to create accounts using email or SMS for recovery.

In addition, the protocol recommends that users who have taken advantage of the email or SMS recovery option rotate their keys to enable device or password Ledger security. After that, they must disable email or SMS recovery.

The keys may have been compromised

Hacxyk, a blockchain security firm, said the third party in question is Mixpanel, an analytics service. In addition, the firm revealed that private keys could also be compromised.

“We believe the nature is very similar to the recent Slope wallet hack on Solana. In short, seed phrases were leaked to the third-party analytics service Mixpanel when users chose email or sms as the seed phrase recovery method. This means that users' seed phrases are stored on the Mixpanel server."

It is not yet clear if any cryptocurrencies were stolen in the Near Protocol hack.

For now, Near Protocol has advised all its users to generate new seed phrases and create new wallets as a first security measure. The team is also auditing its email service partners and has implemented "enhanced security measures" to prevent such a breach from happening again.

Interesting events for our readers

Binance

Trade with up to 60% off fees and a $600 bonus

Open an account Review

Phemex

Free bonus up to $ 2,500 upon registration and deposit

Open an account Review

Bybit

Free bonus up to 3650 USD after registration and deposit

Open an account Review

All content in this article is for informational purposes only and does not in any way serve as investment advice. Investing in cryptocurrencies, commodities and stocks is very risky and can lead to capital losses.