The Seaflower Trojan Horse Campaign: How to Protect Your Digital Wallet

Key Takeaways:

  1. Use Cold Wallets Rather Than Hot Ones

  2. Avoid Fraudulent Websites and Links

  3. Use Two-Factor Authentication (2FA)

  4. Install Antivirus Software

  5. Keep Your Seed Phrase and Password Secure



What’s New?

In June 2022, the ad-security firm Confiant identified a cybercriminal group, likely operating from China, that targets individuals' Web3 wallets to steal their cryptocurrency, and named the group 'Seaflower' (1). Rather than compromising the legitimate iOS and Android wallet apps, the group cloned the widely used Coinbase Wallet, MetaMask, TokenPocket, and imToken apps, keeping their look and feel but adding a backdoor that sends the wallet's seed phrase to a server the attackers control. These 'Trojan Horse' versions were distributed from look-alike websites the group built and then promoted through search-engine results, primarily on Baidu and other Chinese-language search engines, so victims found them while searching for the real app. Seaflower's approach raises the question: "How can I protect my digital wallet?" This blog describes how you can keep your Web3 wallet safe and how to tell if your wallet may be under threat.

 

Tip #1: Use Cold Wallets Rather Than Hot Ones

The "temperature" of a wallet refers to whether it is connected to the internet. Hot wallets are software wallets that run on an internet-connected device, including the Coinbase Wallet, MetaMask, TokenPocket, and imToken apps that the Seaflower campaign imitated. Cold wallets keep the private keys offline, typically on a dedicated hardware wallet device (or, less conveniently, on an air-gapped computer or a physical backup of the seed phrase). Hot wallets are easier for users to access, but they are also easier for attackers to reach: any malware on the phone or computer, including a trojanized wallet app, runs on the same device that holds the keys. Cold wallets require a bit more technical knowledge, and you must keep the device PIN and the recovery seed phrase safe, because there is no "forgot password" reset. For the security they provide, a cold wallet is the better choice for holding any significant balance; a hot wallet can then be kept with only the funds you need day to day.

Note: All other tips below specifically pertain to hot wallets, but are still helpful for other accounts you hold and personal cybersecurity.

 

Tip #2: Avoid Fraudulent Websites and Links

Where to Look:

  • The Address - The "s" in https:// stands for secure: it means the connection is encrypted and the site holds a certificate for that domain name. A site without it should not be trusted with anything sensitive, but the padlock alone proves nothing about who runs the site, since phishing sites routinely obtain valid certificates for their own look-alike domains. Read the domain itself carefully, character by character, and compare it with the official address published by the wallet vendor. One good way to identify a fishy site is to run a WHOIS or domain-history lookup to see how long the domain has been registered; a wallet "download page" on a domain registered a few weeks ago is a red flag (the registrant's identity is often redacted, so domain age is the more reliable signal).

  • Grammar and Spelling - Poor or awkward language is often a key indicator of a fraudulent site, both in the website's address and on the page itself.

  • Email and Social Media - Any message via email, social media, or another internet-based platform asking you to send cryptocurrency is almost always fraudulent. Unless you know the person requesting the funds, don't engage with these messages. If you do send cryptocurrency, verify the recipient's wallet address before you send, because a transaction cannot be reversed once it is confirmed.

Note: If possible, always go to the source. To download a legitimate and trustworthy app, go to the official app store (or follow the download link on the vendor's own website, with the address typed in by hand) rather than clicking a link that appeared in search results, ads, or messages.
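As an added example (not part of the original post), the following Python script applies the address checks above to a few constructed URLs: it flags plain http://, punycode (xn--) labels that can hide look-alike characters, and a known wallet brand name appearing on a domain the vendor does not own. The allowlist of official domains is an assumption for illustration; confirm the real addresses from each vendor's own documentation before relying on a list like this. It cannot check domain age, which needs a WHOIS lookup.

```python
from urllib.parse import urlsplit

# Assumed allowlist of the vendors' official registered domains (illustrative;
# confirm each one from the vendor's own published documentation before use).
OFFICIAL_DOMAINS = {"metamask.io", "coinbase.com", "tokenpocket.pro", "token.im"}

# Brand words an impostor site is likely to borrow.
BRAND_WORDS = ("metamask", "coinbase", "tokenpocket", "imtoken")


def registered_domain(host: str) -> str:
    """Return the last two labels of a hostname, e.g. 'evil.example' for
    'metamask.io.evil.example'. Naive on purpose: a production checker should
    use the Public Suffix List so that names like 'example.co.uk' are handled."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def assess_url(url: str) -> list:
    """Return a list of red flags for a URL; an empty list means none were found."""
    findings = []
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if not host:
        return ["not a full URL (expected scheme://host/...)"]

    # 1. No TLS at all: nothing sensitive should go here.
    if parts.scheme != "https":
        findings.append("not https")

    # 2. Internationalised labels are encoded as 'xn--...'; a browser may render
    #    them with characters that look identical to ASCII letters (homograph).
    if any(label.startswith("xn--") for label in host.split(".")):
        findings.append("punycode (xn--) label: possible look-alike characters")

    # 3. Brand name on a domain the vendor does not own, e.g. metamask-io.com or
    #    metamask.io.evil.example (the real name is only a subdomain there).
    reg = registered_domain(host)
    if reg not in OFFICIAL_DOMAINS:
        squashed = host.replace("-", "").replace("_", "")
        for brand in BRAND_WORDS:
            if brand in squashed:
                findings.append(f"'{brand}' used on unofficial domain {reg}")
    return findings


if __name__ == "__main__":
    # Constructed sample links; the unofficial ones are made up for illustration.
    samples = [
        "https://metamask.io/download/",
        "http://metamask.io/download/",
        "https://metamask-io.com/download",
        "https://metamask.io.evil.example/",
        "https://xn--metamask-abc.example/",
    ]
    for s in samples:
        print(s, "->", assess_url(s) or "no red flags")
```

The brand check is deliberately generous: it also fires on "metamask.io.evil.example", where the genuine name is only a subdomain of an attacker-controlled registered domain, which is the pattern a quick glance at the address bar tends to miss.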

 

Tip #3: Use Two-Factor Authentication (2FA)

If a cold wallet seems unappealing, two-factor authentication is one of the best ways to give your accounts an extra level of security. With 2FA enabled, a login requires both your password and a second proof, typically a code from an authenticator app, a push notification, or a code sent by email or SMS. Because the second factor is tied to a device only you hold, a stolen password alone is not enough for an attacker to get in. One important caveat: 2FA protects accounts that have a login, such as an exchange account. A self-custody wallet like MetaMask has no server-side login to protect; whoever holds the seed phrase holds the funds, which is exactly why the Seaflower backdoor was built to steal it (1).

There are many forms of two-factor authentication, depending on the intended use. On your device, it may be a biometric check of your fingerprint or face to confirm that the intended user (you) is the one unlocking it. Some websites and applications issue a security token or a hardware key that you present in addition to your password. Others use an authenticator app such as Duo, which generates a one-time passcode on your device or sends a push prompt to approve a login. Authenticator apps and hardware keys are preferable to SMS codes, which can be intercepted by an attacker who takes over your phone number (SIM swapping). In every case the second factor adds a possession component to your accounts: something you alone hold.


Tip #4: Install Antivirus Software

Installing reputable antivirus or anti-malware software is a sensible baseline that can catch known threats, including some of the clipboard hijackers and credential stealers that target cryptocurrency users, and most products update their signatures automatically at least once a day. It is not a guarantee: a freshly built trojanized app like the ones in the Seaflower campaign may not be detected at all when it first appears. Treat antivirus as one layer, and keep the operating system and the wallet apps themselves up to date, since those updates close the holes that malware exploits.

 

Tip #5: Keep Your Seed Phrase and Password Secure

Seed Phrase: Your seed phrase (also called a recovery phrase) is the list of 12 to 24 words that a wallet, hot or cold, such as MetaMask generates when you create it. It is the master key to the wallet: the words, in their exact order, can recreate every private key and therefore move every coin in the wallet, on any device. You use it only to restore the wallet onto a new device, not for day-to-day sign-in, which is handled by a local password or PIN. If you lose the seed phrase and your device, the wallet is gone permanently; if anyone else obtains it, they own your funds. No legitimate app, website, or support agent will ever ask you to type it in outside of that restore flow, and stealing it was the entire purpose of the Seaflower backdoor (1). Write it down and keep it somewhere secure and offline that you know and nobody else does, and never store it in a screenshot, a note-taking app, or an email.

Password: According to SplashData, the most commonly used passwords in 2022 include "1. 123456, 2. 123456789, 3. qwerty, 4. Password" (2). Automated guessing tools try these and millions of other common passwords first, so an account protected by one of them is effectively unprotected. Never reuse a wallet or exchange password anywhere else, so that a breach of some other site cannot be replayed against your funds; a password manager makes this practical. Beyond that, we believe keeping your password safe is as easy as 1, 2, 3:

  1. Use both lowercase and uppercase letters.

  2. Use a longer password or, better, a passphrase of several unrelated words: aim for at least 12 characters, since length adds more strength than any other rule.

  3. Use a mix of letters, numbers, and special characters, and avoid names, dates, and keyboard patterns like "qwerty".
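As an added example (not part of the original post), this Python snippet puts numbers on the length advice above: it computes the entropy of a random password or passphrase from the size of the alphabet and the number of symbols, converts that into an expected guessing time at an assumed offline rate, and generates both kinds using the operating system's CSPRNG (`secrets`, never `random`). The 16-word list is constructed for illustration only; a real passphrase should draw from a large list such as the 7,776-word Diceware/EFF list, which is assumed in the calculation but not embedded here, and the guessing rate is an assumption, not a measurement.

```python
import math
import secrets
import string

# Constructed short wordlist for illustration only. A real passphrase should draw from
# a large list (e.g. the 7,776-word Diceware/EFF list, assumed below, not embedded).
SAMPLE_WORDS = ["anchor", "basket", "copper", "dolphin", "ember", "falcon", "garnet",
                "harbor", "island", "jasper", "kettle", "lantern", "meadow", "nickel",
                "orchid", "pebble"]

PRINTABLE = string.ascii_letters + string.digits + string.punctuation   # 94 symbols


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of `length` symbols chosen uniformly at random from `alphabet_size`."""
    return length * math.log2(alphabet_size)


def random_password(length: int = 16) -> str:
    """Random password over the 94 printable ASCII symbols, from the OS CSPRNG."""
    return "".join(secrets.choice(PRINTABLE) for _ in range(length))


def random_passphrase(words: list, count: int = 6, sep: str = "-") -> str:
    """Diceware-style passphrase: `count` words chosen uniformly from `words`."""
    return sep.join(secrets.choice(words) for _ in range(count))


def seconds_to_crack(bits: float, guesses_per_second: float = 1e10) -> float:
    """Expected time to search half the keyspace at an assumed offline guessing rate
    (1e10 guesses/s is a round figure for a fast hash on GPUs; an assumption only)."""
    return 2 ** (bits - 1) / guesses_per_second


if __name__ == "__main__":
    cases = [
        ("8 random printable chars", entropy_bits(94, 8)),
        ("12 random printable chars", entropy_bits(94, 12)),
        ("6 words from a 7,776-word list", entropy_bits(7776, 6)),
        (f"6 words from this {len(SAMPLE_WORDS)}-word list", entropy_bits(len(SAMPLE_WORDS), 6)),
    ]
    for label, bits in cases:
        years = seconds_to_crack(bits) / (86400 * 365)
        print(f"{label:36s} {bits:6.1f} bits  ~{years:.2e} years")
    print("example password:  ", random_password(16))
    print("example passphrase:", random_passphrase(SAMPLE_WORDS))
```

The output makes the point of rule 2 concrete: six words from a large list (about 77 bits) beats eight random printable characters (about 52 bits) by a wide margin while being far easier to remember, and the same six words from a tiny list are worth almost nothing, which is why the list size, not the word count alone, matters.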

 

Conclusion:

Just like the Seaflower campaign, hacking collectives and individual hackers worldwide are targeting Web3 wallets. Instead of being reactive, MACH37 recommends that you be proactive. That is why we run an accelerator program devoted to early-stage startups that are developing cyber-related products and services and are ready to take their business to the next level by expanding their networks, learning key business approaches, and seeking investment. We encourage those interested in being part of the cybersecurity community to apply here to be part of the cyber change that MACH37 represents. We hope this article helps you keep your Web3 wallet secure and your mind intrigued by what the world of cybersecurity has in store.

**Disclaimer: MACH37 encourages cybersecurity measures, but the recommendations included herein do not guarantee full security and users of Web3 wallets do so at their own risk.

 

Who Are We? 

VentureScope works with creative entrepreneurs, venture capital investors, and large private and public sector organizations around the world that are trying to solve interesting problems. Our team has extensive and unique experience launching new business ventures, investing in promising startups, running startup accelerators, and providing strategic innovation and general management consulting services to large private and public sector organizations. We’re on the pulse of emerging and over-the-horizon technology and are tracking their growth and development against important industry problems to inform our deal flow and give you exceptional advice. MACH37 is our start-up accelerator designed to facilitate the creation of the next generation of cyber product companies. 

 

References: 

1 - https://www.securityweek.com/chinese-hackers-adding-backdoor-ios-android-web3-wallets-Seaflower-campaign

2 - https://techcult.com/most-common-passwords/

3 - https://levelup.gitconnected.com/what-are-crypto-wallets-exploring-web3-60cf1674aa4a (image)