Security News > 2022 > April > Critical Bug in Everscale Wallet Could've Let Attackers Steal Cryptocurrencies

A security vulnerability has been disclosed in the web version of the Ever Surf wallet that, if successfully weaponized, could allow an attacker to gain full control over a victim's wallet.

"In other words, attackers could gain full control over the victim's wallets."

Ever Surf is a cryptocurrency wallet for the Everscale blockchain that also doubles up as a cross-platform messenger and allows users to access decentralized apps as well as send and receive non-fungible tokens.

By means of different attack vectors like malicious browser extensions or phishing links, the flaw makes it possible to obtain a wallet's encrypted keys and seed phrases that are stored in the browser's local storage, which can then be trivially brute-forced to siphon funds.

"Having the keys means full control over the victim's wallet, and, therefore funds," Check Point's Alexander Chailytko said.

"Despite the fact that the vulnerability we found has been patched in the new desktop version of the Ever Surf wallet, users may encounter other threats such as vulnerabilities in decentralized applications, or general threats like fraud, [and] phishing."

News URL

https://thehackernews.com/2022/04/critical-bug-in-everscale-wallet.html