Hackers Are Cloning Web3 Wallets Like Metamask and Coinbase Wallet to Steal Crypto

Confiant, an agency for advertising security, discovered a number of malicious activities involving distributed wallet apps. These allowed hackers to steal private keys and then acquire funds from users through backdoored imposter accounts. The apps are distributed by cloning legitimate websites, making it appear that the user is downloading an authentic app.

Malicious Cluster Targets Web3-Enabled Wallets Like Metamask

Hackers are getting more inventive when it comes to engineering attacks on cryptocurrency users. Confiant, a company dedicated to examining ad quality and security threats to internet users, warned of a new type of attack targeting users of popular Web3 wallets such as Metamask or Coinbase Wallet.

Confiant refers to the cluster as “Seaflower” and considers it one of the most advanced attacks of its type. The apps are almost identical to the originals but carry code that gives hackers access to users' seed phrases and funds.

Distribution and Recommendations

These apps are mostly distributed outside of regular app stores, through links that users find via search engines like Baidu. According to investigators, the cluster is likely of Chinese origin, judging by the language in which the code comments are written and other elements such as infrastructure location and services used.

The links to these apps rank highly in search engines thanks to clever search engine optimization, so users are tricked into thinking they are visiting the real site. The apps are also sophisticated in the way their code is hidden, which obscures much about how the system works.

The main attack vector of the Metamask imposter is that the backdoored app transmits seed phrases to remote locations at the same moment it is being built. Seaflower uses a similar attack vector for other wallets.

Experts also offered a number of suggestions for keeping wallets safe on mobile devices. Because these backdoored apps are not available in app stores, Confiant recommends that users always download wallet apps from the official Android and iOS stores.