Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Blockchain Wallet. Show all posts

Critical Vulnerability Identified in Ever Surf Blockchain Wallet

 

A vulnerability identified in the browser version of the Ever Surf blockchain wallet could have allowed attackers full control over a victim’s wallet and subsequent funds, say threat analysts at Check Point Research. 

Available on Google Play and Apple iOS Store, Ever Surf is described as a cross-platform messenger, blockchain browser, and crypto wallet for the Everscale blockchain network. It currently has nearly 670,000 active accounts worldwide and claims it has facilitated at least 31.6 million transactions.

According to Check Point researchers, the web version of the Ever Surf blockchain wallet suffered from a relatively simple bug that allowed malicious actors to exfiltrate private keys and plant phrases stored in local browser storage. To do that, threat actors first needed to secure the encrypted keys of the wallet, which is usually done via malicious browser extensions, infostealer malware, or plain old phishing.

Subsequently, the bad actors could have used a simple script to perform decryption. The susceptibility made decryption possible in “just a couple of minutes, on consumer-grade hardware," the researchers stated. 

CPR reported the vulnerability to Ever Surf developers, who then published a desktop version that mitigates the flaw, the company said in a press release. The web version is now declared deprecated and should only be used for development purposes. Seed phrases from accounts that store real value in crypto should not be used in the web version of Ever Surf, the researchers warned. 

“Everscale is still in the early stages of development. We assumed that there might be vulnerabilities in such a young product,” said Alexander Chailytko, Cyber Security, Research & Innovation Manager at Check Point Software 

“When working with cryptocurrencies, you always need to be careful, ensure your device is free of malware, do not open suspicious links, and keep OS and antivirus software updated. Despite the fact that the vulnerability we found has been patched in the new desktop version of the Ever Surf wallet, users may encounter other threats such as vulnerabilities in decentralized applications, or general threats like fraud, phishing,” Chailytko added. 

To mitigate the risks, researchers recommended users not to follow suspicious links, particularly those sent from unknown sources, always keep their OS and antivirus software updated, and avoid downloading any software or browser extensions before verifying the identity of the source.