Update: Solflare “xpass exploit" Details Released

In Feb 2025, I reported an exploit vulnerability in the Solflare Chrome wallet which allowed the wallet vault (solflaredata) to be decrypted without the user's password.

Turns out, this was a backdoor, not a bug.

Today, I am releasing the full details of the xpass exploit, aka the "backdoor master key".

https://forum.hashpwn.net/post/11116

#solflare #crypto #wallet #vulnerability #exploit #backdoor #xpass #cyclone #hashpwn #news #infosec #cybersecurity