Post the attacks on Solana, Near Protocol has issued an official disclosure of details into a similar issue, which it claimed was addressed and resolved earlier in June. The security breach involves a third-party threat actor, which gained unauthorized access to seed phrases for its user's wallets.
According to Near, the breach was reported to their team by Hacxyk, a security firm working in the Web3 space. A Twitter thread by Hacxyk details how the protocol's email recovery process was exploited to leak user's seed phrases to Mixpanel, an analytics platform.
Such a process "allows anyone with access to [the] Mixpanel access log, or the Mixpanel account owner (e.g. Near devs) to have access to everyone who has clicked the link in the recovery email,” explains Hacxyk. Further, this scenario also is set up once a Mixpanel user's account is compromised as a first instance or step into the hack's procedure.
Back in June, we found a bug in @NEARProtocol wallet that was almost the same as the recent Solana wallet hack. When a Near wallet user chooses "email" as the seed phrase recovery method, the seed phrase is leaked to a third party site. https://t.co/gHWhmxE3Sm pic.twitter.com/MK31xUeAeL— Hacxyk. (@Hacxyk) August 4, 2022
Near Protocol has stated that it has resolved the issue on the same day the it was reported by Hacxyk, with the security firm receiving a bug bounty for the breach's discovery. It was only until the security firm publicly disclosed it on Twitter that Near Protocol acknowledged that such a breach did happen.
"To date, we have found no indicators of compromise related to the accidental collection of this data, nor do we have reason to believe this data persists anywhere," Near Protocol stated.
The news of the hack follows closely on the heels of a recent attack on crypto infrastructure network Solana, in which over 5,000 wallets were compromised, initially, with the total count nearing 10,500 after analysis. Near Protocol says that the user's seed phrases were exposed in a similar procedure. In the case of Solana, roughly $6 million worth of crypto was compromised and stolen. So far, it is unclear if any crypto was taken in the Near Protocol hack.
For now, Near Protocol has advised all of its users to generate new seed phrases and create new wallets as a first safety measure. The team is also conducting an audit of its email service partners and has put in place "enhanced security measures" to prevent such a breach from happening again.
Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.