THE DAILY ENCRYPT

Cloning Metamask and other Web3 Wallets is an Approach Hackers Use to Steal Crypto

Confiant, an agency for advertising security, discovered malicious activity involving distributed wallet apps. This allowed hackers to steal private keys and then acquire funds from users through backdoored imposter accounts. These apps are distributed by cloning legitimate websites, making it appear that the user is downloading an authentic app.

Malicious Cluster Targets Web3-Enabled Wallets like Metamask
Hackers are getting more inventive when it comes to exploiting cryptocurrency users. Confiant, a company dedicated to analyzing the quality of ads as well as the security threats they might pose for internet users, has warned of a new type of attack affecting users of web3 wallets such as Metamask or Coinbase Wallet.

Confiant named the cluster “Seaflower” and described it as one of the most advanced attacks of its type. These apps are almost identical to the original apps but contain code that gives hackers access to the seed phrases and funds.

Distribution and Recommendations
These apps are mostly distributed outside of regular app stores, through links that users find via search engines like Baidu. According to investigators, the cluster is likely of Chinese origin, judging by the language in which code comments are written and other elements such as infrastructure location and services used.

Links to these apps rank highly in search engines thanks to clever SEO, so users are tricked into thinking they are visiting the real site. The apps are sophisticated in the way their code is hidden, which obscures much about how the system works.

This backdoored app transmits seed phrases to remote locations at the same moment it is being built. This is the main attack vector of the Metamask imposter. Seaflower uses a similar attack vector for other wallets.

Experts also offered a number of suggestions for keeping wallets safe on mobile devices. These backdoored apps are not available in app stores. Confiant recommends that users always use official Android and iOS stores to download these apps.

Felipe Rodriguez

Felipe states he has super powers; some argue that case, but he does come up with some very clear predictions. Felipe is based in the US and frequently travels to Brazil, where he was born. He is a journalist of the future and has a portfolio of crypto projects he has worked with. Felipe always says "The future doesn't scare me as much as the past, crypto is here to stay but only time will tell where it will take us".

© 2022 The Daily Encrypt. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.
