Loading...

Attackers might have exploited a bug in Argent wallet to steal user funds

In this post:

A vulnerability in the Argent wallet would have enabled attackers in stealing funds from users that have no guardians.

According to a report by researchers at OpenZeppelin, the bug could have allowed attackers to take over Argent wallets, especially those that have not activated any guardian features.

Argent wallet vulnerability exploited

The guardian feature allows users to control certain actions of a wallet such as a wallet recovery and locking it. To create an account on the platform, users need to set up guardians. However, accounts created before March 30, 2020, could be set up without a guardian.

Attackers exploited a bug in Argent’s code and triggered a recovery process on accounts that have not set up a guardian. However, users can protect their funds by regularly monitoring their wallets and canceling the recovery request within 36 hours of its issuance.

This is a default recovery period that can now be used to protect user funds. However, if the user blocks a recovery attempt, the bug in the wallet leaves them vulnerable to a denial of service attack that might freeze their funds for an indefinite period of time.

This can be done by repeatedly requesting a wallet recovery so that the account remains in the recovery period and the user will be unable to access the funds.

Solution

Argent’s team reported that they would use OpenZeppelin’s fix that would stop attackers from triggering a wallet recovery. Due to the great number of wallets that have no guardians, the firm suggested the addition of a function that would ensure that if a wallet has zero guardians, the request will not be returned.

Argent revealed that it was already contacting affected users to set up at least one guardian for their wallet.

Disclaimer. The information provided is not trading advice. Cryptopolitan.com holds no liability for any investments made based on the information provided on this page. We strongly recommend independent research and/or consultation with a qualified professional before making any investment decisions.

Share link:

Most read

Loading Most Read articles...

Stay on top of crypto news, get daily updates in your inbox

Related News

Gemini
Cryptopolitan
Subscribe to CryptoPolitan