Hackers Are Cloning Web3 Wallets Like Metamask and Coinbase Wallet to Steal Crypto

When it comes to devising attacks to take advantage of cryptocurrency users, hackers are becoming increasingly creative.
Confiant, a firm committed to assessing the quality of advertisements and the security risks they may represent to internet users, has issued a warning about a new type of attack impacting users of popular Web3 wallets such as Metamask and Coinbase Wallet.
Confiant classified the cluster, dubbed “Seaflower,” as one of the most sophisticated attacks of its kind. According to the research, ordinary users will not be able to detect these apps because they are nearly identical to the real apps but feature a different codebase that allows hackers to steal the wallets’ seed phrases, giving them access to the funds.
According to the research, these apps are largely distributed outside of traditional app stores, via links that users find in search engines like Baidu. The investigators believe the cluster must be of Chinese origin because of the language used in the code comments, as well as other factors such as infrastructure location and services used.
Through careful search engine optimization, the links to these apps reach prominent positions in search results, allowing them to rank high and deceiving people into thinking they are visiting the real site. The sophistication of these programs stems from the way the code is concealed, obscuring much of the system’s operation.
The Metamask impostor uses a backdoored app to send the seed phrase to a remote location as the phrase is being built, and this is the main attack vector. Seaflower employs a similar attack vector for other wallets.
Experts have offered several recommendations for keeping wallets secure on mobile devices. Because these backdoored applications are only available outside of app stores, Confiant advises users to always try to download wallet apps from the official Android and iOS app stores.