Some magic links – a passwordless sign-in method embraced by a growing number of crypto wallets and web apps – have a critical vulnerability, according to the crypto wallet startup Dfns. Dfns offers wallet services and is backed by firms including White Star Capital, Hashed, Susquehanna, Coinbase Ventures and ABN AMRO. A magic link is a unique, one-time-use URL that is generated by a website or app to authenticate a user without requiring them to enter a password. When the user clicks on a magic link sent to them by the web app, it verifies their identity and logs them into their account.
Initially spearheaded by Slack and other popular Web2 apps, magic links have become an increasingly common sign-in method for crypto wallets. Instead of requiring users to remember a complex key or seed phrase, magic links are promoted as a quicker, simpler and safer way to log in.
But Dfns says magic links – which can be implemented differently from app to app – are often vastly less secure than more traditional sign-in methods. Dfns categorizes the vulnerability it discovered as a “zero day” exploit – so severe as to essentially render magic links toxic for developers. Given the ubiquity of magic links beyond just crypto wallets (they’re used by some popular password managers, for example), Dfns said in a statement that the vulnerability could “pose a considerable risk to a substantial portion of the global economy.”
Full report: Crypto Wallet Firm Dfns Says ‘Magic Links’ Have Critical Vulnerability.