Hackers Are Stealing Crypto By Cloning Wallets, Report Says

Hackers are upping their game, creatively engineering attacks to take advantage of crypto users.

Cybersecurity firm Confiant has warned about a new kind of attack affecting users of popular Web3 wallets like MetaMask and Coinbase Wallet.

Confiant is a company that is dedicated to examining the quality of ads and the security threats these might pose to internet users.

The cluster, identified as “Seaflower,” was described by Confiant as one of the most sophisticated attacks of its kind.

The report states that ordinary users cannot detect these apps, as they are virtually identical to the original apps but have a different codebase that allows hackers to steal the wallets' seed phrases, giving them access to the funds.

Links to these apps reach prominent positions on search sites through skillful SEO, which lets them rank high and fools users into believing they are accessing the real site.

The sophistication of these apps comes down to the way the code is hidden, which obscures much of how the system works.

The backdoored app sends each seed phrase to a remote location at the same time that it is being constructed, and this is the main attack vector for the MetaMask imposter.

For other wallets, Seaflower also uses a very similar attack vector.

These backdoored applications are only being distributed outside app stores, so Confiant advises users to always try to install these apps from official stores on Android and iOS.