'High severity' vulnerability in Argent wallet could have allowed attackers to steal user funds


A "high severity" vulnerability was discovered in the popular Ethereum mobile wallet Argent by researchers at OpenZeppelin, a crypto-focused cybersecurity firm.

According to a blog post from OpenZeppelin, the issue could have allowed attackers to take over the wallets of Argent users, specifically those that have not activated "guardian" features. The post says that the Argent team has now fixed the bug and contacted affected users with steps to keep their wallets safe.

The guardian feature lets Argent users give selected accounts permission to execute actions on the wallet, like locking it or approving a wallet recovery. Before March 30, 2020, users could create wallets without guardians by default. A bug in Argent's code enabled attackers to target wallets without guardians, trigger a recovery process, and steal funds.

The only way for a user to mitigate the attack is to monitor their wallet and cancel the recovery request within the 36-hour default recovery period. Argent has a notification process that warns users when a recovery attempt is being made, giving them time to stop the recovery. But even if a user is able to block a false recovery attempt, the bug leaves them vulnerable to a denial-of-service attack that can keep their funds frozen indefinitely: the attacker can repeatedly trigger a recovery, forcing the victim to remain in the recovery period and preventing them from accessing their funds.

OpenZeppelin has identified 329 wallets holding nearly 162 ETH (~$37,000) that were at immediate risk. An additional 5,513 wallets were also identified as being potentially vulnerable to the attack. 

"The Argent team has taken quick action to fix this issue so that no user funds were impacted," said Demian Brener, CEO of OpenZeppelin.

In March, Argent raised a $12M round led by Paradigm. As reported by The Block, more than 20,000 cryptocurrency wallets have been created on the platform.


Editor's Note: This post has been updated to clarify that Argent has a notification process to warn users when a recovery attempt is being made.
