Hackers Are Cloning Web3 Wallets Like Metamask and Coinbase Wallet to Steal Crypto

metamask

Confiant, an advertising security agency, has found a cluster of malicious activity involving distributed wallet apps, allowing hackers to steal private seeds and acquire the funds of users via backdoored imposter wallets. The apps are distributed via cloning of legitimate sites, giving the appearance that the user is downloading an original app.

Malicious Cluster Targets Web3-Enabled Wallets Like Metamask

Hackers are becoming more and more creative when engineering attacks to take advantage of cryptocurrency users. Confiant, a company that is dedicated to examining the quality of ads and the security threats these might pose to internet users, has warned about a new kind of attack affecting users of popular Web3 wallets like Metamask and Coinbase Wallet.

The cluster, that was identified as “Seaflower,” was qualified by Confiant as one of the most sophisticated attacks of its kind. The report states that common users cannot detect these apps, as they are virtually identical to the original apps, but have a different codebase that allows hackers to steal the seed phrases of the wallets, giving them access to the funds.


Distribution and Recommendations

The report found out that these apps are distributed mostly outside regular app stores, through links found by users in search engines such as Baidu. The investigators state that the cluster must be of Chinese origin due to the languages in which the code comments are written, and other elements like infrastructure location and the services used.

The links of these apps reach popular places in search sites due to the intelligent handling of SEO optimizations, allowing them to rank high and fooling users into believing they are accessing the real site. The sophistication in these apps comes down to the way in which the code is hidden, obfuscating much of how this system works.

The backdoored app sends seed phrases to a remote location at the same time that it is being constructed, and this is the main attack vector for the Metamask imposter. For other wallets, Seaflower also uses a very similar attack vector.

Experts further made a series of recommendations when it comes to keeping wallets in devices secure. These backdoored applications are only being distributed outside app stores, so Confiant advises users to always try to install these apps from official stores on Android and iOS.

What do you think about the backdoored Metamask and Web3 wallets? Tell us in the comments section below.

Earning Passive Income With Crypto

Related Posts

Mercado Pago Extends Its Cryptocurrency Services in Brazil

Mercado Pago, the digital payments company related to Mercadolibre, has recently announced the extension of the crypto services that it provides to users in Brazil. The company…

Bitcoin Miners Bail out as Energy Prices Soar and Profitability Plunges

More and more Bitcoin miners are throwing in the towel amid soaring energy prices and plunging profitability. This has had a knock-on effect on hash rates and…

Cantina Royale Taps Elrond Apes to Boost In-game Cross Chain NFT Collections

Cantina Royale and Elrond Apes are teaming up to enhance the appeal of the upcoming top-down tactical arcade shooter with play-to-earn mechanics. Elrond Apes NFTs will be…

Bitcoin (BTC) Attempts to Create Higher Low Above $20,000

Bitcoin (BTC) is attempting to find support and create a higher low after a breakout from a short-term resistance line. BTC has been decreasing underneath a descending…

Axie Infinity’s Ronin Bridge Relaunches Following March Hack

The Ronin Bridge is open and ready for deposits and withdrawals after it suffered a major security breach in March. The network said the decision to open the bridge…

China Blockchain Alliance Executives: Virtual Currency the ‘Largest Ponzi Scheme in Human History’

The chairman of China’s Blockchain Service Network (BSN) Development Alliance Shan Zhiguang, and his colleague, insisted in a recently published op-ed that virtual currency is “undoubtedly the…