Thought I had posted this before, but not seeing it. Seems I got it wrong the first time, thinking it was metamask and not the Everscale Blockchain Wallet; Ever Surf
Seems that metamask has a design flaw which makes it very vulnerable. Seems that it isn’t too complicated to discover the codes.
Everscale Blockchain Wallet
I read the title of this piece of news in The Record and it just made me shake my head. The item is titled: “Everscale blockchain wallet shutters web version after vulnerability found.”
Yeah, no kidding. What moron could possibly think that offering a web browser based
cryptocurrency wallet was sane? Anyone who was capable of beginning to create such a thing
should know that it’s just a bad idea. As we’ve often observed on this podcast, just because you can do something doesn’t mean that you should do something. Here are the first two sentences of The Record’s story:
“The company behind Ever Surf, a wallet for the Everscale blockchain ecosystem, is shuttering its web version after a vulnerability was found by Check Point researchers. The Ever Surf team confirmed that the vulnerability allowed attackers to gain access to wallets.”
The Record is reporting on research which was performed by CheckPoint Research. The
CheckPoint guys explained:
Blockchain technology and decentralized applications provide users with a number of
advantages. For example, users can utilize the service without creating an account and it can
does not require communication with a centralized infrastructure, such as a web server, and it can interact with the blockchain directly or by using a browser extension like Metamask.
In this case, the user is identified using keys that are stored only on a local machine inside a
browser extension or a web wallet. If a decentralized application or a wallet stores sensitive
data locally, it must ensure this data is reliably protected. In most cases, decentralized
applications run inside the browser and therefore may be vulnerable to attacks such as XSS.
This research describes the vulnerability found in the web version of Ever Surf, a wallet for the Everscale blockchain. By exploiting the vulnerability, it’s possible to decrypt the private keys
and seed phrases that are stored in the browser’s local storage. In other words, attackers
could gain full control over victims’ wallets.
It turns out that one of the code libraries the implementers used is not fully supported in web
browsers. The code attempts to obtain a cryptographic nonce with a call to
“DeviceInfo.getUniqueId”. The problem is that this function requires access to its underlying
device, so it’s only defined when running natively on Android, iOS or Windows. I have a snippet
of the function in the show notes showing what this one-line function does:
“unknown” … and thus, that value is never unique and that value is used to salt the hash. As we have learned on this podcast eons ago, salting hashes is crucial to the security of hashed
passwords because the salt effectively customizes the hash per use. With the salt broken,
CheckPoint was able to trivially brute force the user’s 6-digit PIN. Yes, on top of everything else, even if the system was working correctly, its entire security was controlled by a 6-digit PIN.
CPR roughly re-implemented the key derivation and keystore decryption in NodeJS and
performed a brute-force attack on the PIN code.
This resulted in a performance of 95 passwords per second on 4-core Intel Core i7 CPU.
Although this is not a very high speed, it is sufficient for the attack on a 6-digit PIN code. In
the worst case scenario, checking 10^6 possible variants means the entire attack takes
approximately 175 minutes.
For our experiment, we created a new key in Surf and dumped the keystore from the
browser’s [unencrypted] local storage. In our case, the attack took 38 minutes. At the end, we
got the derived key and decrypted the seed phrase that can be used to restore the keys on