Plague_Dr.

Web 3.0 Wallet Attack - SeaFlower

By Keith Thuerk | New to Crypto's? | 18 Jun 2022


Web 3.0 Wallet Attack - SeaFlower

 

Hello friends, as you know currency is central to Web 3.0 while the workflows and Wallets are essential to protect what is yours!

Who discovered it? Confiant, a security firm that protects against bad actors in online advertising, uncovered a set of malicious activities it has labeled “SeaFlower,” that target Web3 wallet users.

When - this activity was discovered by Confiant in March '22, however, I am just now reading about it this week.

What is it? A very sophisticated Web 3.0 attack has been found on Android and iPhone Apps, it is now known as SeaFlower.

  • the app installs a backdoor that steals Wallet Keys.

  • Provisioning profiles, to bypass iOS security controls requiring App store control designed to protect you
    • Apple has since removed those provisioning profiles, but you know hackers are quick to find another way
  • Signing infrastructure,
  • App provisioning infrastructure hosted in the Chinese IP address space and the Hong Kong IP address spaces
  • Additionally, to the domains registered with .cn

What else to consider? Crypto Bridges are weak links in the sense their intrinsic value creates motivation for bad actors (hackers) to target these points within the blockchain networks where value is concentrated. 

 

Summary - you always have to have your guard up as Hackers are relentless and this hack is super sophisticated; you need to be as well. You must understand how your apps work daily and what is outside the normal operating environment. Yeah, this is brutal, so much to know and understand, that is our complex world!!!

How do you rate this article?

32


Keith Thuerk
Keith Thuerk

Currently learning about Crypto and DeFi to combat the Inflationary Tidal wave coming our way!


New to Crypto's?
New to Crypto's?

New to Crypto's? What are the key constructs? Best Practices

Publish0x

Send a $0.01 microtip in crypto to the author, and earn yourself as you read!

20% to author / 80% to me.
We pay the tips from our rewards pool.