Confiant, an ad security agency, has uncovered a cluster of malicious activity involving backdoored wallet apps that let attackers steal users’ seed phrases and drain their funds. The apps are distributed through cloned copies of legitimate websites, giving users the impression that they are downloading the genuine app.
Malicious cluster targets Web3-enabled wallets like Metamask
Hackers are getting more and more creative when designing attacks to take advantage of cryptocurrency users. Confiant, a company dedicated to studying the quality of ads and the security threats they could pose to internet users, has warned of a new type of attack affecting users of popular Web3 wallets like Metamask and Coinbase Wallet.
The cluster, identified as “Seaflower,” was classified by Confiant as one of the most sophisticated attacks of its kind. The report states that ordinary users cannot distinguish these apps from the originals: they are virtually identical in appearance but carry a modified code base that lets the attackers steal the wallets’ seed phrases and gain access to the funds they hold.
Distribution and Recommendations
The report found that these apps are mainly distributed outside of the regular app stores, through links that users find on search engines such as Baidu. Investigators attribute the cluster to Chinese-speaking operators, citing the language of the code comments as well as the location of the infrastructure and the services it relies on.
These links rank highly in search results thanks to deliberate SEO manipulation, which leads users to believe they are visiting the genuine website. The sophistication of these apps lies in how the malicious code is hidden: heavy obfuscation obscures much of how the backdoor works.
The backdoored Metamask app exfiltrates the seed phrase to a remote server at the moment the wallet is created; this is the main attack vector of the Metamask scam. For the other wallets, Seaflower uses a very similar technique.
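As an added illustration of the exfiltration step described above (this is example code written for this article, not code from Confiant’s report or from any wallet), the following JavaScript applies a shape-based heuristic to outbound requests and flags any that carry a mnemonic-looking string. The request records, hostnames (all under the reserved `.invalid` TLD) and the placeholder seed phrase are constructed for the example; the check uses only word count and word shape, not the real BIP-39 word list.

```javascript
// Added example, not from the Seaflower report or any wallet project:
// a heuristic detector for seed-phrase exfiltration in outbound requests,
// of the kind a test harness wrapping fetch()/XMLHttpRequest or an
// intercepting proxy could apply while exercising a wallet's onboarding flow.

// A BIP-39 mnemonic has 12, 15, 18, 21 or 24 lowercase words. The 2048-word
// list is deliberately omitted, so this checks shape only (an assumption that
// trades precision for self-containment).
const MNEMONIC_LENGTHS = new Set([12, 15, 18, 21, 24]);

function looksLikeMnemonic(text) {
  const words = text.trim().split(/\s+/);
  if (!MNEMONIC_LENGTHS.has(words.length)) return false;
  return words.every((w) => /^[a-z]{3,8}$/.test(w));
}

// Collect every string leaf of a JSON value so a phrase buried in a nested
// field such as {"data":{"seed":"..."}} is still examined.
function stringLeaves(value, out = []) {
  if (typeof value === "string") {
    out.push(value);
  } else if (Array.isArray(value)) {
    value.forEach((v) => stringLeaves(v, out));
  } else if (value && typeof value === "object") {
    Object.values(value).forEach((v) => stringLeaves(v, out));
  }
  return out;
}

// Inspect one outbound request record {url, body}; returns a finding or null.
function inspectRequest(req) {
  let candidates;
  try {
    candidates = stringLeaves(JSON.parse(req.body));
  } catch (e) {
    // Not JSON: treat the raw body as a single candidate string.
    candidates = [req.body];
  }
  // Query-string parameters are another common exfiltration channel.
  try {
    const u = new URL(req.url);
    for (const v of u.searchParams.values()) candidates.push(v);
  } catch (e) {
    // Unparseable URL: nothing more to inspect.
  }
  for (const c of candidates) {
    if (looksLikeMnemonic(c)) {
      return { url: req.url, reason: "mnemonic-shaped string in outbound request" };
    }
  }
  return null;
}

function findSeedExfil(requests) {
  return requests.map(inspectRequest).filter(Boolean);
}

// Constructed sample traffic: one ordinary JSON-RPC call, one request that
// carries a (placeholder) 12-word phrase in a nested field, one price lookup.
const SAMPLE_REQUESTS = [
  {
    url: "https://mainnet.example-rpc.invalid/",
    body: JSON.stringify({ jsonrpc: "2.0", method: "eth_blockNumber", params: [], id: 1 }),
  },
  {
    url: "https://stats.example-backdoor.invalid/collect",
    body: JSON.stringify({
      data: { seed: "apple brave cloud dance eagle fable grape house ivory joker kitten lemon" },
    }),
  },
  {
    url: "https://api.example-wallet.invalid/prices?symbols=eth,btc",
    body: "",
  },
];

// Runs the detector over the constructed traffic; only the second request is flagged.
function demo() {
  return findSeedExfil(SAMPLE_REQUESTS);
}

console.log(demo());
```

A check like this is a testing aid, not a runtime defense: a backdoor controls the app’s own runtime and can encode or encrypt the phrase before sending it, and a shape-only rule will also match ordinary twelve-word sentences. In a real harness the word list should be checked, and the more reliable signal is simpler still: during wallet creation a genuine wallet has no reason to make any network request that contains the phrase at all.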
Confiant also made a number of recommendations for keeping wallets safe on devices. Since these backdoored applications are distributed only outside of app stores, Confiant advises users on Android and iOS to install wallet apps only from the official stores.
What do you think of the backdoor Metamask and Web3 wallets? Tell us in the comment section below.
photo credit: Shutterstock, Pixabay, Wiki Commons, photo_gonzo
Disclaimer: This article is for informational purposes only. It is not a direct offer, or a solicitation of an offer to buy or sell, or a recommendation or endorsement of any product, service, or company. Bitcoin.com does not provide investment, tax, legal, or accounting advice. Neither the company nor the author is responsible, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with the use of or reliance on any content, goods or services mentioned in this article.