Web3 Wallets Targeted by Chinese Hackers; “SeaFlower” Using Cloned Websites to Trick Crypto Traders
A hacking group out of China has been identified using a low-tech but effective way to steal funds from Web3 wallets: distributing trojanized builds of legitimate wallet apps with backdoor code added. The Chinese hackers cloned the distribution sites of the legitimate wallets, tricking users into downloading the compromised version instead of the official one. Researchers with digital advertising security firm Confiant spotted and tracked the threat actor’s activity, and characterize it as a “highly sophisticated” operation. The Chinese hackers are primarily targeting searches for a specific group of Web3 wallets and are focused on iOS and Android users. Their success with this approach comes largely from attention to detail, both in cloning the official websites of the Web3 wallets and in reproducing the actual wallet code. The only difference between the legitimate download process and user experience and the malicious one is the inserted backdoor code, which allows the attackers to drain funds from the victim.