NEAR Protocol, a Layer 1 blockchain, informed users in June that SMS and email data used as recovery options in its primary wallet service had been exposed to a third party. NEAR stated in a new report that the problem was fixed before any harm was done.
Users can add recovery alternatives, such as email addresses or phone numbers, to their crypto wallet accounts by visiting wallet.near.org. A system bug unintentionally disclosed sensitive information to a third party.
NEAR stated that it was able to address the matter rapidly by revoking the third party's (and its personnel's) access to the data, so that the exposure never became a risk to the security of funds or the privacy of users.
"The wallet team immediately remediated the situation, scrubbed all sensitive data, and identified any personnel who could have had the ability to access this data," the team said.
The flaw was discovered on June 6 by Hacxyk, a web3 security auditing firm, which was awarded a $50,000 bounty. At that point, however, the NEAR Protocol team had not yet publicly disclosed the incident.
The third party, according to Hacxyk, was Mixpanel, an analytics firm, and the incident was similar to an ongoing Slope Wallet issue in which details were unintentionally communicated to a centralized server. Private keys, according to Hacxyk, may also have been compromised.
"We believe the nature is very similar to the recent Slope wallet hack on Solana. In short, the seed phrases were unknowingly leaked to the third party Mixpanel, an analytics service, when users chose email/sms as the seed phrase recovery method. This means users’ seed phrases are stored into Mixpanel’s server," Hacxyk said.
NEAR Protocol said that, as a security measure, it no longer allows users to set up email or SMS as account recovery options.
Users who had previously used email or SMS recovery options with their NEAR wallet were also encouraged to "rotate their keys" or add a hardware wallet, such as Ledger.
According to Hacxyk, the account model of NEAR wallets differs from Ethereum's: multiple keys with varying permissions (full-access keys and restricted function-call keys) can be associated with a single account.
By "rotating keys", NEAR means that users should revoke any potentially leaked keys and replace them with newly generated ones.
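As an added illustration (not code from the article, Hacxyk or NEAR), the sketch below plans that rotation over a constructed access-key list: add the new full-access key first, then revoke every other full-access key, leaving restricted function-call keys in place. The JSON shape is assumed to follow NEAR's `view_access_key_list` RPC result, and all key strings are placeholders.

```python
import json

# Constructed sample, assumed to mirror the shape of NEAR's
# view_access_key_list RPC result. Key strings are placeholders.
SAMPLE_KEY_LIST = json.loads("""
{"keys": [
  {"public_key": "ed25519:OldKeyA",
   "access_key": {"nonce": 1, "permission": "FullAccess"}},
  {"public_key": "ed25519:AppKeyB",
   "access_key": {"nonce": 7, "permission": {"FunctionCall": {
       "allowance": "250000000000000000000000",
       "receiver_id": "app.example.near",
       "method_names": ["vote"]}}}},
  {"public_key": "ed25519:OldKeyC",
   "access_key": {"nonce": 3, "permission": "FullAccess"}}
]}
""")


def is_full_access(entry):
    """True when the key can sign any transaction for the account."""
    return entry["access_key"]["permission"] == "FullAccess"


def plan_rotation(key_list, new_full_access_key, keep_function_call=True):
    """Return the ordered actions for rotating an account's keys.

    The new key is added before anything is deleted, so the account is
    never left without a full-access key. Every other full-access key is
    treated as potentially leaked and revoked; function-call keys are
    limited in scope and are kept unless keep_function_call is False.
    """
    existing = {e["public_key"] for e in key_list["keys"]}
    actions = []
    if new_full_access_key not in existing:
        actions.append(("add_key", new_full_access_key, "FullAccess"))
    for entry in key_list["keys"]:
        pk = entry["public_key"]
        if pk == new_full_access_key:
            continue
        if is_full_access(entry) or not keep_function_call:
            actions.append(("delete_key", pk))
    return actions


if __name__ == "__main__":
    for action in plan_rotation(SAMPLE_KEY_LIST, "ed25519:NewKey"):
        print(action)
```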