Significant vulnerabilities in popular browser-based cryptocurrency wallets enable attackers to steal funds without any user interaction or approval. These critical flaws, discovered in wallets including Stellar Freighter, Frontier Wallet, and Coin98, represent a significant shift in attack vectors against crypto users. “Simply visiting the wrong site could silently expose your recovery phrase, allowing attackers to drain your funds whenever they want,” explained researchers at Coinspect who identified the vulnerabilities.

In a standard wallet architecture, a decentralized application (dApp) interacts with the wallet through a Provider API injected by the Content Script, which communicates with the Background Script that has access to private keys.

Researchers found a critical vulnerability (CVE-2023-40580) in Freighter, the official Stellar blockchain wallet. Despite using separate ports for connections, attackers could access this information even when the wallet was locked.

Meanwhile, Coin98 Wallet contained a vulnerability allowing attackers to send crafted messages with an isDev:true parameter to the Content Script, making the Background Script believe commands came from the legitimate Wallet UI rather than a malicious site. By manipulating the request.type parameter through the Content Script’s message listener, attackers could trigger internal functions intended for the Wallet UI and access the user’s secret recovery phrase.

If you suspect your wallet may be compromised, security experts recommend immediately transferring remaining tokens to a newly created wallet and ceasing use of the compromised one. Users should remain vigilant and prioritize wallets with established security practices as these sophisticated, silent drain techniques become more prevalent in attackers’ arsenals.
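The Coin98 issue described above comes down to a Content Script relaying page-controlled fields (isDev, request.type) that the Background Script then trusted. The following is an added defensive example, not code from Coin98 or Coinspect: the Content Script forwards only allowlisted request types and rebuilds the message from known fields, and the Background Script derives privilege from the sender the browser reports. All function names, request types and origins are hypothetical, and the sender object is assumed to mirror the origin field of Chrome's MessageSender.

```javascript
// Added example. All names, request types and origins are hypothetical.
const DAPP_TYPES = new Set(["connect", "get_accounts", "sign_transaction"]);
const INTERNAL_TYPES = new Set(["get_recovery_phrase"]); // wallet UI only

// Content script: decide what, if anything, of a page message is forwarded.
function relayFromPage(event, pageWindow) {
  if (event.source !== pageWindow) return null; // ignore other frames/windows
  const data = event.data;
  if (data === null || typeof data !== "object") return null;
  if (typeof data.type !== "string" || !DAPP_TYPES.has(data.type)) return null;
  // Rebuild the message from known fields only, so page-supplied flags
  // such as isDev are never forwarded to the background script.
  return {
    channel: "dapp",
    type: data.type,
    params: data.params === undefined ? null : data.params,
    origin: event.origin,
  };
}

// Background script: privilege comes from the browser-reported sender,
// never from a field inside the message body.
function authorize(message, sender, extensionOrigin) {
  const fromWalletUi = sender.origin === extensionOrigin;
  if (INTERNAL_TYPES.has(message.type)) {
    return fromWalletUi ? "allow-internal" : "reject";
  }
  if (DAPP_TYPES.has(message.type)) return "allow-dapp";
  return "reject";
}

// Constructed sample messages, run through both checks.
function demo() {
  const page = {}; // stands in for the page's window object
  const ext = "chrome-extension://aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"; // constructed
  const crafted = { type: "get_recovery_phrase", isDev: true };
  const normal = { type: "connect", isDev: true, params: { chain: "test" } };
  const pageSender = { origin: "https://dapp.example", tab: { id: 1 } };
  return {
    craftedRelay: relayFromPage({ source: page, origin: pageSender.origin, data: crafted }, page),
    normalRelay: relayFromPage({ source: page, origin: pageSender.origin, data: normal }, page),
    craftedDirect: authorize(crafted, pageSender, ext),
    walletUi: authorize({ type: "get_recovery_phrase" }, { origin: ext }, ext),
  };
}
```

In an extension, relayFromPage would sit inside the Content Script's window message listener and authorize inside the Background Script's runtime message listener, with the extension origin taken from the browser rather than hard-coded.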
This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 23 Apr 2025 14:20:09 +0000