Popular crypto wallet discontinued after fatal flaw discovered

The flaw made decrypting keys a trifle

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

A popularcryptocurrency wallethas been discontinued after a vulnerability was identified that could have allowed threat actors to drain tokens from accounts.

As discovered by researchers from Check Point, the web version of Everscale’s blockchain wallet (known as Ever Surf) suffered from a relatively simple flaw that allowed crooks to exfiltrate private keys and seed phrases stored in localbrowserstorage.

To do that, they would first have needed to obtain the encrypted keys of the wallet, which is usually done through malicious browser extensions, infostealermalware, or plain old phishing.

After obtaining the encrypted keys, the attackers could have used a simple script to perform a decryption. The vulnerability made decryption possible in “just a couple of minutes, on consumer-grade hardware," the researchers explained.

Share your thoughts on Cybersecurity and get a free copy of the Hacker’s Manual 2022. Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at theend of this surveyto get the bookazine, worth $10.99/£10.99.

Expensive teething

CPR disclosed the vulnerability to Ever Surf developers, who then released a desktop version that mitigates the flaw, the company said in a press release. The web version has been labeled deprecated and only for development purposes.

Seed phrases from accounts that store real value in crypto should not be used in the web version of Ever Surf, the researchers warned.

“Everscale is still in the early stages of development. We assumed that there might be vulnerabilities in such a young product,” said Alexander Chailytko, Cyber Security, Research & Innovation Manager at Check Point Software.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

This new Windows botnet could drain your crypto wallet>1Password update will stop you becoming a crypto disaster story>Malicious apps are being used to steal crypto from iOS and Android users

“When working with cryptocurrencies, you always need to be careful, ensure your device is free of malware, do not open suspicious links, keep OS andantivirussoftware updated. Despite the fact that the vulnerability we found has been patched in the new desktop version of the Ever Surf wallet, users may encounter other threats such as vulnerabilities in decentralized applications, or general threats like fraud, phishing.”

Ever Surf is described as a cross-platform messenger, blockchain browser, and crypto wallet for the Everscale blockchain network. It currently has more than 669,000 active accounts all over the world.

To stay safe, users should not follow suspicious links, especially those sent from unknown individuals, always keep their OS andantivirussoftware updated, and should not download any software or browser extensions before verifying the identity of the source.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Dangerous Android banking malware looks to trick victims with fake money transfers

Sophos Firewall hack on government network used an all-new custom malware

Don’t wait until Black Friday, this year’s best Nintendo Switch bundles are on sale now