Researchers Discover ‘High Severity’ Vulnerability in DeFi Argent Wallet

Guangyaw Jun 24 '20

Researchers at crypto-focused cybersecurity firm OpenZeppelin have discovered a “high severity” vulnerability in the popular Ethereum mobile wallet Argent, which helps users access the decentralized finance (DeFi) space.

In a blog post, OpenZeppelin adds that the vulnerability would have allowed attackers to take over the wallets of Argent users who had not activated the “guardian” feature, which gives selected accounts permission to execute actions on the wallet, such as locking it or approving wallet recovery.

Without the feature, attackers could trigger a recovery process and steal funds. The attack could be stopped if the user monitors their wallet and cancels the recovery request within the 36-hour default recovery period, during which Argent warns the user that a recovery attempt is being made.

If the user blocked the theft attempt, hackers could then target them with a denial-of-service attack that would leave their funds frozen. Before March 30, wallets were created by default without the “guardian” feature, but Argent has now fixed the vulnerability.

OpenZeppelin has, nevertheless, identified 329 wallets holding roughly $37,000 in ETH that are at immediate risk.
