- Confiant discovered a new scheme where crypto users are being tricked into inputting their seed phrase on fake wallets.
- These fake wallets appear to be cloned from prominent apps like MetaMask and Coinbase Wallet.
- Confiant also hinted that Chinese-speaking actors may be behind the scheme.

Advertising security firm Confiant announced its discovery of a new hacking scheme within the crypto space. This time, hackers are tricking people into giving away their seed phrase through fake crypto wallets.
According to Confiant, hackers have been cloning the wallet interface of reputable applications like MetaMask, Coinbase Wallet, TokenPocket, and imToken. Unsuspecting users download these cloned wallets and key in their seed phrase. Once the seed phrase has been submitted, the hackers obtain it and drain the victim's account of its crypto.

The scheme has been named "SeaFlower," and regular users would find it difficult to detect. The cloned apps look identical to the legitimate ones, but they have a different codebase that allows hackers to obtain the seed phrases.

Confiant went on to explain that the apps are distributed outside the regular app stores and shared through links on search engines like Baidu, which caters to Chinese-speaking users. Based on the language in which the code comments are written, along with other indicators such as the location of the infrastructure and the services used, investigators believe that the group is Chinese in origin.
The researchers were not able to determine how many people were duped into downloading these applications, but Coinbase’s app has over 10 million downloads on Android alone.
According to Confiant, the campaign began as early as March 2022. It's "the most technically capable threat targeting web3 users," the security firm added, surpassing the notorious Lazarus Group.

Meanwhile, the North Korean Lazarus Group is reported to have made off with more than $400 million in crypto in 2018.