Warning About Deceptive Wallet Extension
In a concerning development, Socket, a blockchain security firm, has issued a warning regarding a deceptive wallet extension available on the Google Chrome Web Store. Dubbed “Safery: Ethereum Wallet,” this extension presents itself as a trustworthy tool aimed at the management of Ethereum assets, yet it harbors a malicious intent to harvest user seed phrases.
Mechanism of the Scam
According to a report released on Tuesday by Socket, the wallet operates through a sophisticated mechanism that extracts seed phrases by covertly encoding them into synthetic Sui addresses. The extension, which is currently the fourth result when users search for “Ethereum Wallet” on the Chrome Web Store, follows reputable wallets such as MetaMask and Wombat in the search rankings.
Users are misled by the extension’s promises, which allow them to either create new wallets or import existing ones. However, this functionality poses two major security threats:
- New Wallet Creation: When users generate a new wallet, their seed phrase is immediately compromised as it is transmitted to the scammers through a minimal Sui transaction, putting their funds at risk from the outset.
- Existing Wallet Transfer: When users input their seed phrase to transfer an existing wallet, the malicious actors gain access to their sensitive information once again through the same transactional method.
Details of the Scheme
Socket elaborated on this scheme, explaining that the extension encodes the BIP-39 mnemonic into specific Sui style addresses, followed by initiating a minuscule transaction to those addresses using the malicious handler’s mnemonic. This clever ruse enables the attackers to decrypt the original seed phrase hidden behind ordinary-looking blockchain activities, resulting in the possible theft of the user’s assets.
Red Flags and Precautions
Despite its visibility in searches, Safery shows several red flags indicating its fraudulent nature. These include:
- Lack of user reviews
- Minimal branding
- Noticeable grammatical errors
- Absence of an official website
- Developer profile linked to a generic Gmail account
To avoid falling victim to such scams, it is crucial for cryptocurrency users to conduct thorough due diligence on any blockchain tools they consider and exercise heightened caution with their seed phrases. Solid cybersecurity practices, along with regular monitoring of wallet transactions—even the smallest ones—are essential for safeguarding assets against potential theft.
