Vulnerabilities in Blockchain Wallet Ever Surf Identified by Check Point Research

The Everscale blockchain wallet was found to have a security flaw by Check Point Research (CPR). If the vulnerability had been exploited, an attacker would have had complete access over a victim’s wallet and the assets it contained.

Everscale’s wallet, dubbed Ever Surf, was found to have a security flaw. Cross-platform messaging, browser and cryptocurrency wallet for the Everscale blockchain network can be downloaded from Google Play and Apple’s App Store.

Key notes:

• Everscale’s wallet, dubbed Ever Surf, was found to have a security flaw. Ever Surf is a cross-platform messenger, blockchain browser, and cryptocurrency wallet for the Everscale blockchain network, which is available on Google Play and Apple iOS Store.
• Based on Telegram’s TON blockchain, Everscale is a smart contract platform with an estimated 31.6 million transactions and more than 669,00 users globally.
• More than 669,000 users and 31.6 million transactions have been completed on the Everscale blockchain network.

An attacker might decode the private keys and seed phrases saved in the browser’s local storage by exploiting the issue. The following is an overview provided by CPR of a possible attack methodology:

• Get the wallet’s encrypted keys. Typically, attackers use harmful browser extensions, information-stealing software, or phishing to get access to keys.
• Run a simple script to decrypt the keys. On a consumer-grade computer, decryption takes only a few minutes thanks to a newly identified flaw.
• CPR revealed the issue to Ever Surf developers, who later produced a desktop version that protects against this flaw.
• For now, users should only work in development mode on the online version.

The online edition of Ever Surf should not utilize seed phrases from accounts that hold actual value in crypto. CPR’s technical paper includes a comment from Ever Surf.

“Everscale’s popular blockchain wallet has a flaw that allows an attacker to quickly decode the wallet’s private keys. Victims’ savings are at risk if they lose the keys to their wallets. The Telegram team created the TON network, which was eventually replaced by the Everscale network. Everscale, on the other hand, is still in its infancy. We figured there could be flaws in a product that was so new. We were also intrigued about how the most popular wallet for this blockchain implements key security. When a hacker obtains private keys and seed phrases in plain text via CPR’s proof of concept, they may utilize these to take over the wallet of the victim.

Always exercise caution while dealing with cryptocurrencies; make sure your computer is malware-free, don’t click on any untrusted links, and keep your OS and anti-virus software up to current. Because of additional vulnerabilities in decentralized apps and general dangers like as fraud and phishing, the updated desktop version of the Ever Surf wallet has been patched for the vulnerability we discovered.”

Blockchain transactions are final and cannot be reversed. In contrast to a bank, you cannot dispute or stop a transaction in the blockchain. If your wallet’s private keys are taken, thieves will be able to access your crypto cash, and no one will be able to assist you to recover them.