Researchers uncovered critical vulnerabilities in browser wallets, including Stellar Freighter, that let attackers silently steal recovery phrases and drain funds when a user merely visits a malicious site, with no user interaction. Detailed exploits against the Stellar Freighter, Frontier, and Coin98 wallets were reported, fixed, and rewarded with bounties. These flaws highlight risks in wallet architecture and the need for robust security.

The article details severe vulnerabilities in popular browser wallets such as Stellar Freighter, Frontier Wallet, and Coin98 that allow funds to be drained silently, without phishing or user approval. In Stellar Freighter, a flawed single-handler messaging system let attackers leak the secret seed phrase via crafted messages; the finding earned a $20,000 bounty and a CVE assignment. Frontier exposed encrypted mnemonics to offline brute-force attacks, while Coin98 allowed forced unlocking and transaction signing. These pre-connection exploits operate stealthily, permitting delayed theft. The piece explains wallet architecture and the associated risks, and urges better security practices amid evolving Web3 threats.