A popular cryptocurrency wallet has been discontinued after a vulnerability was identified that could have allowed threat actors to drain tokens from accounts.
As discovered by researchers from Check Point, the web version of Everscale’s blockchain wallet (known as Ever Surf) suffered from a relatively simple flaw that allowed crooks to exfiltrate private keys and seed phrases stored in local browser storage.
To do that, they would first have needed to obtain the encrypted keys of the wallet, which is usually done through malicious browser extensions, infostealer malware, or plain old phishing.
After obtaining the encrypted keys, the attackers could have used a simple script to decrypt them. The vulnerability made decryption possible in “just a couple of minutes, on consumer-grade hardware,” the researchers explained.
Check Point Research (CPR) disclosed the vulnerability to Ever Surf developers, who then released a desktop version that mitigates the flaw, the company said in a press release. The web version has been labeled as deprecated and intended only for development purposes.
Seed phrases from accounts that store real value in crypto should not be used in the web version of Ever Surf, the researchers warned.
“Everscale is still in the early stages of development. We assumed that there might be vulnerabilities in such a young product,” said Alexander Chailytko, Cyber Security, Research & Innovation Manager at Check Point Software.
“When working with cryptocurrencies, you always need to be careful, ensure your device is free of malware, do not open suspicious links, keep OS and antivirus software updated. Despite the fact that the vulnerability we found has been patched in the new desktop version of the Ever Surf wallet, users may encounter other threats such as vulnerabilities in decentralized applications, or general threats like fraud, phishing.”
Ever Surf is described as a cross-platform messenger, blockchain browser, and crypto wallet for the Everscale blockchain network. It currently has more than 669,000 active accounts all over the world.
To stay safe, users should avoid following suspicious links, especially those sent by unknown individuals, keep their OS and antivirus software updated, and avoid downloading any software or browser extensions before verifying the identity of the source.