Hackers Are Cloning Web3 Wallets Like Metamask and Coinbase Wallet to Steal Crypto
Confiant, an advertising security agency, has found a cluster of malicious activity involving distributed wallet apps, allowing hackers to steal private seeds and acquire the funds of users via backdoored imposter wallets. The apps are distributed via cloning of legitimate sites, giving the appearance that the user is downloading an original app. Malicious Cluster Targets Web3-Enabled Wallets Like Metamask
Hackers are becoming more and more creative when engineering attacks to take advantage of cryptocurrency users. Confiant, a company that is dedicated to examining the quality of ads and the security threats these might pose to internet users, has warned about a new kind of attack affecting users of popular Web3 wallets like Metamask and Coinbase Wallet.
The cluster, that was identified as “Seaflower,” was qualified by Confiant as one of the most sophisticated attacks of its kind. The report states that common users cannot detect these apps, as they are virtually identical to the original apps, but have a different codebase that allows hackers to steal the seed phrases of the wallets, giving them access to the funds. Distribution and Recommendations
The report found out that these apps are distributed mostly outside regular app stores, through links found by users in search engines such as Baidu. The investigators state that the cluster must be of Chinese origin due to the languages in which the code comments are written, and other elements like infrastructure location and the services used.
The links of these apps reach popular places in search sites due to the intelligent handling of SEO optimizations, allowing them to rank high and fooling users into believing they are accessing the real site. The sophistication in these apps comes down to the way in which the code is hidden, obfuscating much of how this system works.
The backdoored app sends seed phrases to a remote location at the same time that it is being constructed, and this is the main attack vector for the Metamask imposter. For other wallets, Seaflower also uses a very similar attack vector.
Experts further made a series of recommendations when it comes to keeping wallets in devices secure. These backdoored applications are only being distributed outside app stores, so Confiant advises users to always try to install these apps from official stores on Android and iOS. Tags in this story Backdoor, Coinbase Wallet, Hackers, metamask, seaflower, seed phrases, Wallets, Web3
What do you think about the backdoored Metamask and Web3 wallets? Tell us in the comments section below. Sergio Goschenko
Sergio is a cryptocurrency journalist based in Venezuela. He describes himself as late to the game, entering the cryptosphere when the price rise happened during December 2017. Having a computer engineering background, living in Venezuela, and being impacted by the cryptocurrency boom at a social level, he offers a different point of view about crypto success and how it helps the unbanked and underserved. Report: Celsius Seeks Help From Restructuring Lawyers Over Financial Hardship NEWS | 3 hours ago Coinbase Reduces the Size of the Firm"s Workforce by 18% NEWS | 15 hours ago
Image Credits: Shutterstock, Pixabay, Wiki Commons, photo_gonzo Previous articleReport: Celsius Seeks Help From Restructuring Lawyers Over Financial Hardship Disclaimer: This article is for informational purposes only. It is not a direct offer or solicitation of an offer to buy or sell, or a recommendation or endorsement of any products, services, or companies. Bitcoin.com does not provide investment, tax, legal, or accounting advice. Neither the company nor the author is responsible, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with the use of or reliance on any content, goods or services mentioned in this article. Read disclaimerShow comments More Popular NewsIn Case You Missed ItTony Hawk"s Latest NFTs to Come With Signed Physical Skateboards
Last December, the renowned professional skateboarder Tony Hawk released his “Last Trick” non-fungible token (NFT) collection via the NFT marketplace Autograph. Next week, Hawk will be auctioning the skateboards he used during his last tricks, and each of the NFTs ... read more.Today"s Top Ethereum and Bitcoin Mining Devices Continue to Rake in Profits Australia to List Bitcoin ETF After 4 Clearinghouse Participants Commit to Meet Stringent Margin Terms Survey: Adoption in Argentina Grows, With 12 out of 100 Adults Having Invested in Crypto Ethereum Foundation"s Financial Report Discloses It Holds $1.6 Billion in Assets, 80.5% Held in Ether