Following the attacks on Solana, Near Protocol has issued an official disclosure detailing a similar issue, which it claimed was addressed and resolved earlier in June. The security breach involves a third-party threat actor who gained unauthorized access to passphrases for its users’ wallets.
According to Near, the breach was reported to their team by Hacxyk, a security company working in the Web3 space. A Twitter thread by Hacxyk details how the protocol’s email recovery process was leveraged to leak user keyphrases to Mixpanel, an analytics platform.
Such a process “allows anyone with access to [the] Mixpanel access log or the Mixpanel account holder (e.g. Near Developers) to access everyone who clicked on the link in the recovery email,” Hacxyk explains. Additionally, this scenario also arises if the Mixpanel user account is compromised, either in the first instance or as a step in the hacking process.
In June, we found a bug in the @NEARProtocol wallet that was almost the same as the recent Solana wallet hack. When a Near wallet user selects “email” as the seed phrase retrieval method, the seed phrase is leaked to a third-party website. https://t.co/gHWhmxE3Sm pic.twitter.com/MK31xUeAeL
— Hacxyk. (@Hacxyk) August 4, 2022
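As an added illustration (not code from Near Protocol, Hacxyk or Mixpanel), the JavaScript below shows one client-side guard against this class of leak: redacting seed-phrase-like strings from event properties before an analytics SDK receives them. It assumes the phrase travels in a URL or property the SDK collects; the 12-or-more-word heuristic, the `scrub` and `safeTrack` names, the `send` callback and the sample URL are all constructed for the example.

```javascript
// Added example: redact seed-phrase-like strings before analytics sees them.
// Heuristic (assumption): a mnemonic is a run of 12+ words of 3-8 letters
// joined by spaces, '+', '-', '_' or URL-encoded spaces (%20).
const WORD = '[a-z]{3,8}';
const SEP = '(?:%20|[ +_-])';
const MNEMONIC_RE = new RegExp(
  `(?<![a-z])${WORD}(?:${SEP}${WORD}){11,}(?![a-z])`, 'gi');

function redactString(text) {
  return text.replace(MNEMONIC_RE, '[REDACTED]');
}

// Recursively scrub strings inside nested event properties.
function scrub(value) {
  if (typeof value === 'string') return redactString(value);
  if (Array.isArray(value)) return value.map(scrub);
  if (value !== null && typeof value === 'object') {
    return Object.fromEntries(
      Object.entries(value).map(([key, v]) => [key, scrub(v)]));
  }
  return value; // numbers, booleans, null, undefined pass through
}

// Wrap any tracker call (`send` is a hypothetical stand-in for an SDK's
// track function) so only scrubbed properties leave the page.
function safeTrack(send, eventName, props = {}) {
  const clean = scrub(props);
  send(eventName, clean);
  return clean;
}

// Constructed sample: made-up words, hypothetical host and path.
const SAMPLE_PHRASE = ['apple', 'brick', 'cloud', 'daisy', 'eagle', 'flame',
  'grape', 'house', 'ivory', 'jelly', 'koala', 'lemon'];
const SAMPLE_URL = 'https://wallet.example.invalid/recover/alice/' +
  SAMPLE_PHRASE.join('-');

const sent = [];
safeTrack((name, props) => sent.push({ name, props }), 'page_view', {
  current_url: SAMPLE_URL,
  referrer: 'https://mail.example.invalid/',
});
console.log(sent[0].props.current_url);
```

Over-redaction is the safe failure mode here: an ordinary run of twelve short words is lost from analytics, while a phrase that slips through cannot be recalled from a third party's logs.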
Near Protocol said it had fixed the issue on the same day it was reported by Hacxyk, with the security firm receiving a bug bounty for discovering the breach. It wasn’t until the security firm publicly disclosed it on Twitter that Near Protocol acknowledged that such a breach had occurred.
“To date, we have found no indicators of compromise related to the random collection of this data, nor do we have reason to believe that this data persists anywhere,” Near Protocol said.
The news of the hack follows closely on the heels of a recent attack on the Solana crypto infrastructure network, in which more than 5,000 wallets were initially compromised, with the total number approaching 10,500 after analysis. Near Protocol says its users’ keyphrases were exposed through a similar process. In Solana’s case, about $6 million worth of crypto was stolen. So far, it is unclear whether any crypto was obtained during the Near Protocol breach.
For now, Near Protocol has advised all its users to generate new phrases and create new wallets as a first security measure. The group is also auditing its email service partners and has put in place “enhanced security measures” to prevent such a breach from happening again.