Share this article
Ethereum Browser Bug Could Put User Funds At Risk
Using ethereum browser Mist may put cryptocurrency private keys at risk, according to an Ethereum Foundation blog post.
Updated Sep 13, 2021, 7:16 a.m. Published Dec 15, 2017, 12:05 p.m.
Using ethereum browser Mist may put cryptocurrency private keys at risk, according to an Ethereum Foundation blog post published today.
The threat arises from a newly discovered vulnerability, which the blog post classifies as "high severity," and impacts all existing versions of the browser. However, Mist browser compatible Ethereum Wallet is not affected, the post clarifies.
STORY CONTINUES BELOW
Ne manquez pas une autre histoire.Abonnez vous à la newsletter Crypto Daybook Americas aujourd. Voir toutes les newsletters
As a result, Mist users are urged to avoid "untrusted" websites, and to default to Ethereum Wallet to manage any funds.
The vulnerability stems from the underlying software framework, Electron. Electron's delay in upgrading to correct known security issues has led to "an increasing potential attack surface as time passes," the post's author, Mist developer Everton Fraga, said.
As a result, Mist is considering migrating to a fork of Electron from Brave – named Muon – that has a more frequent release schedule.
In the post, Fraga stressed that Mist is still in beta mode, and users that engage with the browser do so without warranty.
He said:
"The Mist Browser beta is provided on an "as is" and "as available" basis and there are no warranties of any kind, expressed or implied, including, but not limited to, warranties of merchantability or fitness of purpose."
The developer further described security as a "never-ending battle" in browser development, writing: "making a browser (an app that loads untrusted code) that handles private keys is a challenging task."
Sponsored by the Ethereum Foundation, Mist is the most popular ethereum browser for browsing decentralized applications (dapps).
Code image via Shutterstock
More For You
What to know:
- As of October 2025, GoPlus has generated $4.7M in total revenue across its product lines. The GoPlus App is the primary revenue driver, contributing $2.5M (approx. 53%), followed by the SafeToken Protocol at $1.7M.
- GoPlus Intelligence's Token Security API averaged 717 million monthly calls year-to-date in 2025 , with a peak of nearly 1 billion calls in February 2025. Total blockchain-level requests, including transaction simulations, averaged an additional 350 million per month.
- Since its January 2025 launch , the $GPS token has registered over $5B in total spot volume and $10B in derivatives volume in 2025. Monthly spot volume peaked in March 2025 at over $1.1B , while derivatives volume peaked the same month at over $4B.
More For You
KindlyMD faces Nasdaq delisting risk after failing to meet minimum share price levels
The health-care and bitcoin treasury firm has six months to lift its share price above $1 for 10 consecutive days.
What to know:
- The Nasdaq exchange told KindlyMD (NAKA) that it faces being delisted after its share price dropped below $1 for 30 consecutive business days.
- The health-care company that is building a bitcoin treasury has until June 8 to regain compliance, which requires the stock to close at or above $1 for at least 10 consecutive business days.
- The shares first fell below $1 in late October, and closed Monday at $0.38.
