Crypto & Hackers -1 : Don't put your seed everywhere

Vidura Supun Ehalapitiya · August 1, 2021

In the middle of the DOGE coin craze and Elon's tweets, I'm sure most of you created a crypto wallet. If you paid attention during the onboarding steps, you might remember the application giving you 12 random words to note down. Let's look at the story behind those words, beyond their role in recovering the wallet.

A seed phrase (a BIP39 mnemonic) consists of 12 to 24 words. Each word is an entry in a fixed list of 2048 English words, so every word encodes 11 bits; a 12-word phrase carries 128 bits of random entropy plus a 4-bit checksum taken from the SHA-256 hash of that entropy. The phrase itself is not the key: it is stretched with PBKDF2 (HMAC-SHA512, 2048 rounds, salt "mnemonic" plus an optional passphrase) into a 512-bit seed, and BIP32 turns that seed into the master private key from which the key pairs (private/public) of your wallet are derived. Those keys are what you call your wallet on the blockchain, where all those juicy Bitcoins are stored. Naively there are 2048^12 (about 2^132) twelve-word sequences, but only the 2^128 that pass the checksum are valid phrases. There is a lot more to this technically, but I'll leave that for another post.

Think of the wallet as a safe standing in the middle of the town square: anyone can see it and walk up to it, only the key opens it, and anyone who gets a copy of the key can empty it. The seed phrase is that key, so whoever learns it can access and drain your crypto assets.

Let's get to the attack details now. This is what we call a social engineering attack, where the attacker uses human emotions to get past security. In my view, the bad guys exploit a few things we are all vulnerable to, besides a lack of security awareness, and those are fear and greed. So watch out for those the next time you "win" that 50 BNB airdrop :)

The scammer started the campaign on Facebook, like most do. You can see how they are targeting people from Shiba Inu crypto groups. To make matters worse, this page has been active for a few weeks despite the reports.

User targeting with a phishing link

After the unsuspecting user clicks on the link, they are greeted with a screen to connect one of two major software wallets, MetaMask or Trust Wallet.

Wallet connect screen

Let's say you are very excited to claim the reward (free money, right?) and you go ahead and connect the wallet. The site then pops up a prompt asking for your seed phrase. This is when you should run and never look back: a genuine wallet connection only shares your public address and later asks you to sign transactions inside the wallet app itself, and no legitimate site or dApp ever needs the seed phrase.

Give me your wallet: Thank you

Once you click restore, the scammers have your seed phrase, and with it every key derived from it. Game over for years of hodling and DCA… This one goes a step further: it makes sure you hold enough ETH for gas, because the attackers need to pay the transaction fees to sweep all the funds to one of their own wallets.

What about Gas?
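The phishing flow above has one hard tell: a web page with an input that asks for a seed phrase. The following added example (not code from the original post, and not the scammer's site) is a small scanner a browser extension or proxy could run over page HTML to flag seed-harvesting forms. It looks for input fields whose name, id, placeholder or label mentions seed-phrase terms, for the "word1 … word12" slot pattern, and for pages that mention a recovery phrase next to any text input. The three HTML samples are constructed for the example.

```python
import re
from html.parser import HTMLParser

# Terms a seed-harvesting form tends to use in labels, names and placeholders.
SEED_TERMS = ("seed", "recovery phrase", "secret phrase", "mnemonic",
              "backup phrase", "12 words", "24 words", "12-word", "24-word")
# One input per word, e.g. name="word1" ... name="word12".
SLOT_RE = re.compile(r"^(?:word|w|phrase)[-_]?(\d{1,2})$")
# Input types that never carry user-typed text.
IGNORED_TYPES = {"hidden", "submit", "button", "checkbox", "radio", "image"}


class FormScanner(HTMLParser):
    """Collects text-carrying <input>/<textarea> attributes and visible page text."""

    def __init__(self):
        super().__init__()
        self.fields = []   # one dict of lower-cased attributes per field
        self.text = []     # visible text fragments, lower-cased

    def handle_starttag(self, tag, attrs):
        if tag in ("input", "textarea"):
            a = {k: (v or "").lower() for k, v in attrs}
            if a.get("type", "text") not in IGNORED_TYPES:
                self.fields.append(a)

    def handle_data(self, data):
        self.text.append(data.lower())


def score_seed_phish(html: str) -> dict:
    """Return counts of seed-phrase indicators and an overall verdict."""
    scanner = FormScanner()
    scanner.feed(html)
    page_text = " ".join(scanner.text)
    keyword_fields = 0
    slots = set()
    for f in scanner.fields:
        blob = " ".join(f.get(k, "") for k in ("name", "id", "placeholder", "aria-label"))
        if any(t in blob for t in SEED_TERMS):
            keyword_fields += 1
        m = SLOT_RE.match(f.get("name", ""))
        if m:
            slots.add(int(m.group(1)))
    text_mentions = any(t in page_text for t in SEED_TERMS)
    suspicious = (keyword_fields > 0
                  or len(slots) >= 12
                  or (text_mentions and len(scanner.fields) > 0))
    return {"keyword_fields": keyword_fields, "word_slots": len(slots),
            "text_mentions_seed": text_mentions, "suspicious": suspicious}


# Constructed samples: a textarea-style harvester, a 12-slot harvester,
# and a legitimate connect page that only offers wallet buttons.
PHISH_TEXTAREA = """<html><body><h1>Claim your SHIB airdrop</h1>
<form action="/restore" method="post">
<label>Connect wallet: paste your 12 word recovery phrase</label>
<textarea name="seed_phrase" placeholder="Enter your seed phrase"></textarea>
<input type="hidden" name="campaign" value="shib">
<button type="submit">Restore</button></form></body></html>"""

PHISH_SLOTS = ("<form>" + "".join(f'<input type="text" name="word{i}">' for i in range(1, 13))
               + '<input type="submit"></form>')

LEGIT_CONNECT = """<html><body><h1>Connect your wallet</h1>
<button id="wc">WalletConnect</button><button id="mm">MetaMask</button>
<p>We will only ask you to sign a message to prove ownership.</p></body></html>"""

if __name__ == "__main__":
    for name, page in (("textarea", PHISH_TEXTAREA), ("slots", PHISH_SLOTS),
                       ("legit", LEGIT_CONNECT)):
        print(name, score_seed_phish(page))
```

The verdict is deliberately one-sided: the legitimate reason to type a seed phrase is restoring a wallet inside the wallet application, never on a web page, so any page that asks is worth blocking and reporting rather than scoring on a sliding scale.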

Now that you know the technical background and have seen a real attack, tread carefully out there, friends! The only place a seed phrase belongs is offline, typed into a wallet app you installed yourself when you are deliberately restoring it, never into a web page.

According to the author's research, these attackers are running two more sites conducting the same activity, on the same domain under different subdomains. If you are curious, check the sites in the VirusTotal graph below, at your own risk.

https://www.virustotal.com/graph/embed/g68822aab24624e779760f6f22d5e7ac69a696ce84fb0408da0988b266af0c0cf
