On August 4, Near Wallet, an e-wallet project on Near Blockchain, announced a bug that caused user information to be leaked, similar to the recent Solana vulnerability.
According to information from the Near Foundation, on June 6, the NEAR Wallet project team received a bug report that caused users’ personal information to be shared with a third party. However, this issue was fixed day in day.
“Although we were previously aware of this risk and carefully handled data collected from third-party services, a code change caused the data of some users to use email and SMS for their wallet is collected by a third party,” said a representative from Near blockchain.
Immediately, the project team took care of the problem, deleted all user information and identified employees who had access to this data source.
“Until now, we have found no indications regarding the use of the collected data and we believe that this information no longer exists anywhere,” a Near blockchain representative said. know.
However, to completely solve this problem, Near Wallet no longer allows users to use email or text messages to recover accounts.
“Although there is no evidence of information being disclosed, we nevertheless recommend that users who have chosen to use the SMS or email recovery feature change it by another method such as a pass phrase. This can be done through accessing the address wallet.near.org,” shared Near’s Twitter account.
The announcement from Near comes just a day after Solana discovered a vulnerability that leaked users’ private keys. This caused more than 8,000 Solana wallet addresses to have a net withdrawal of more than 8 million USD.
As reported by MarginATM, the cause of the incident is believed to be an error on the part of Slope Wallet that causes user information including private keys to be stored by a third party. The attacker took advantage of this loophole to take control of user wallets.