Cryptocurrency News

SlowMist’s CISO Warns of WebAuthn Key Login Vulnerability

Photo of Harsh ChauhanPhoto of Harsh Chauhan Harsh Chauhan2 hours ago
3 minutes read
SlowMist CISO warns of emerging cyber threat (1)

Key Highlights:

  • SlowMist’s CISO 23pds warns against a new WebAuthn bypass attack on social media platform X.
  • Through this attack, attackers can bypass WebAuthn and steal identities without needing your device or even biometrics.
  • The flaw is not in WebAuthn itself but it is in the surrounding ecosystems.

A new cybersecurity alert has been issued after researchers have identified a type of attack that can bypass WebAuthn key-based login. The attack was first reported by SlowMist’s Chief Information Security Officer 23pds. In his post on social media platform X (formerly known as Twitter), he has explained how the hackers can exploit the WebAuthn API to steal user identities without having the user’s physical security keys or any biometric data.

SlowMist CISO warns of emerging cyber threat
SlowMist CISO warns of emerging cyber threat

According to the researchers, the attackers can make use of malicious browser extensions or cross-site scripting (XSS) flaws on targeted websites to disrupt the WebAuthn process. Once the malicious extension or XSS flaw is successfully used, the attacker can manipulate the login by forcing a switch to password-based authentication or altering the key registration.

Both approaches give attackers a direct way to steal user credentials and impersonate the victim on their important accounts.

Why Is This Attack Alarming?

WebAuthn, an abbreviation for Web Authentication, was created by FIDO Alliance and W3C so that it can replace traditional passwords with public key cryptography using hardware keys or biometrics. Used by companies like Google, Microsoft and Apple, it is considered to be one of most phishing-resistant login methods that exist today.

However, the new bypass that the researchers have found out, targets the browser level API, not the cryptography itself. By exploiting this layer, attackers do not need the user’s key or any of their devices and they can manipulate how websites handle authentication. Anyone logging in with a security key on a site that is compromised could have their login data exploited without the users knowing about it.

The SlowMist’s Chief Information Security Officer 23pds explained in his post on X, the issue is from the surrounding ecosystem, as websites, browsers, and extensions are the potential weak points even when WebAuthn’s cryptography is secure.

Has This Happened Before?

This is the first that the WebAuthn has faced a publicly known bypass of this kind but there have been a few incidents from which parallels can be drawn,

  • In 2020, researchers showed how a malicious extension in Chrome has the capacity to capture authentication tokens, which can lead to a complete session hijacking.
  • XSS-based login tampering is not something that is new. It has been used beforehand to exploit OAuth and SAML logins. This indicates that the weaknesses lie in web applications and not within the authentication standards themselves.
  • In 2022, Google warned that some malware targets browser sessions instead of stealing passwords. This highlights that even passwordless authentication still relies on the security of the platform.

Even if you look at the instances above, it is clear that the attackers do not break strong encryption itself, but they exploit the weaknesses present in the surrounding applications to bypass security.

Potential Risks and Consequences

If exploited, the WebAuthn can significantly harm users and businesses. Attackers can easily replace a user’s security key during registration, risking exposure if the same password is used on multiple sites. Accounts in banking, finance, SaaS platforms and crypto exchanges are easy targets, since they rely on passwordless logins for high-value transactions.

As the use of passwordless authentication grows throughout the industries, this issue highlights that even strong standards can be weakened by insecure endpoints.

How to Protect Against the Threat

Experts suggest that there should be multiple layers of defense. One should regularly check browser extensions and remove anything that looks suspicious. Make your website safer by blocking XSS attacks, use multi-factor authentication instead of just passwords, and make sure that your browser is always updated and is protected against new WebAuthn threats.

Also Read: Fusaka Upgrade Revealed: 2025 Q4 Could Be Historic For Ethereum

Photo of Harsh ChauhanPhoto of Harsh Chauhan Harsh Chauhan2 hours ago
3 minutes read
Photo of Harsh ChauhanPhoto of Harsh Chauhan

Harsh Chauhan

Harsh Chauhan is an experienced crypto journalist and editor at CoinNewsSpan. He was formerly an editor at various industries, including his tenure at TheCryptoTimes, and has written extensively about Crypto, Blockchain, Web3, NFT, and AI. Harsh holds a Bachelor of Business Administration degree with a focus on Marketing and a certification from the Blockchain Foundation Program. Through his writings, he holds the pulse of the rapidly evolving crypto landscape, delivering timely updates and thought-provoking analysis. His commitment to providing value to readers is evident in every piece of content produced. With a deep understanding of market trends and emerging technologies, he strives to bridge the gap between complex blockchain concepts and mainstream audiences.