Check Point Found Critical Vulnerability in Ever Surf Wallet

Published: 25.04.2022

Article reading time:
2 minutes.

A vulnerability has been found in the Ever Surf web wallet for the Everscale blockchain (formerly FreeTON) that allows hackers to steal users’ crypto assets. The developers have already fixed the bug.

The Ever Surf Wallet acts as a cross-platform messenger, providing users with access to decentralized applications, as well as the ability to send and receive non-fungible tokens (NFTs). Cybersecurity experts at Check Point reported that using malicious browser extensions or phishing links, attackers could gain complete control over users’ wallets. With these attacks, fraudsters could decrypt private keys and seed phrases stored in the browser’s local storage.

Given that the information in this vault is not encrypted, it could have been stolen using malware capable of collecting data from different browsers. After being notified of the vulnerability, Ever Surf developers updated the web application, and its outdated version is now used only by developers. Although the reported vulnerability has already been fixed, Check Point recommends that users remain vigilant as they may encounter similar threats in other decentralized applications.

Check Point specialist Alexander Chaylytko warned that if hackers manage to get hold of user keys, they gain complete control over victims’ funds. Therefore, when working with cryptocurrencies, you should be extremely careful not to accidentally install malware. Cybersecurity experts recommend updating the operating system in a timely manner, installing antivirus software, and not clicking on suspicious links.

Recently, Check Point researchers discovered a similar vulnerability in the NFT Rarible site. A few years ago, a favorite type of cyberattack among criminals was the distribution of software for hidden cryptocurrency mining in cloud infrastructures.