Your Yello Ring Road To Success
GOOGLE LOGIN MY ADS MY SHOP

Critical Bug in Everscale Wallet Could’ve Let Attackers Steal Cryptocurrencies

A security vulnerability has been disclosed in the web version
of the Ever Surf wallet that, if successfully weaponized,
could allow an attacker to gain full control over a victim’s
wallet.

“By exploiting the vulnerability, it’s possible to decrypt the
private keys and seed phrases that are stored in the browser’s
local storage,” Israeli cybersecurity company Check Point said in a
report shared with The Hacker News. “In other words, attackers
could gain full control over the victim’s wallets.”

CyberSecurity

Ever Surf[1]
is a cryptocurrency wallet for the Everscale (formerly FreeTON)
blockchain that also doubles up as a cross-platform messenger and
allows users to access decentralized apps as well as send and
receive non-fungible tokens (NFTs). It’s said to have an estimated[2] 669,700 accounts across
the world.

By means of different attack vectors like malicious browser
extensions or phishing links, the flaw makes it possible to obtain
a wallet’s encrypted keys and seed phrases that are stored in the
browser’s local storage, which can then be trivially brute-forced
to siphon funds.

Given that the information in the local storage is unencrypted,
it could be accessed by rogue browser add-ons or
information-stealing malware that’s capable of harvesting such data
from different web browsers.

CyberSecurity

Following responsible disclosure, a new desktop app has been
released to replace the vulnerable web version, with the latter now
marked as deprecated and used only for development purposes.

“Having the keys means full control over the victim’s wallet,
and, therefore funds,” Check Point’s Alexander Chailytko said.
“When working with cryptocurrencies, you always need to be careful,
ensure your device is free of malware, do not open suspicious
links, keep OS and anti-virus software updated.”

“Despite the fact that the vulnerability we found has been
patched in the new desktop version of the Ever Surf wallet, users
may encounter other threats such as vulnerabilities in
decentralized applications, or general threats like fraud, [and] phishing.”

References

  1. ^
    Ever
    Surf     (blog.everscale.network)
  2. ^
    estimated
    (everscale.network)

Read more