'High severity' vulnerability in Argent wallet could have allowed attackers to steal user funds
June 19, 2020, 10:00AM EDT
A "high severity" vulnerability was discovered in the popular Ethereum mobile wallet Argent by researchers at OpenZeppelin, a crypto-focused cybersecurity firm.
According to a blog post from OpenZeppelin, the issue could have allowed attackers to take over the wallets of Argent users, specifically those that have not activated "guardian" features. The post says that the Argent team has now fixed the bug and contacted affected users with steps to keep their wallets safe.
The guardian feature lets Argent users give selected accounts permission to execute actions on the wallet, like locking it or approving a wallet recovery. Before March 30, 2020, users could create wallets without guardians by default. A bug in Argent's code enabled attackers to target wallets without guardians, trigger a recovery process, and steal funds.
The only way for a user to mitigate the attack is to monitor their wallet and cancel the recovery request within the 36-hour default recovery period. Argent has a notification process that warns users when a recovery attempt is being made, giving them time to stop the recovery. But even if a user is able to block a false recovery attempt, the bug leaves them vulnerable to a denial-of-service attack that can keep their funds indefinitely frozen: the attacker can repeatedly trigger a recovery, forcing a victim to remain in the recovery period and preventing them from accessing their funds.
OpenZeppelin has identified 329 wallets holding nearly 162 ETH (~$37,000) that were at immediate risk. An additional 5,513 wallets were also identified as being potentially vulnerable to the attack.
"The Argent team has taken quick action to fix this issue so that no user funds were impacted," said Demian Brener, CEO of OpenZeppelin.
In March, Argent raised a $12M round led by Paradigm. As reported by The Block, more than 20,000 cryptocurrency wallets have been created on the platform.
Editor's Note: This post has been updated to clarify that Argent has a notification process to warn users when a recovery attempt is being made.