Enhancing Wallet Safety Against Compromised dApps
11-17, 14:30–15:00 (Europe/Istanbul), Conference Room 2

Coinspect uncovered vulnerabilities in over 40 cryptocurrency wallets, with varying severity levels. Many of these vulnerabilities let attackers compromise wallets simply by having users visit attacker-controlled websites, granting access to users' mnemonic phrases or forcing silent transaction signatures.

Along the way, we noticed a common denominator among the multiple vulnerabilities reported: the attack vector, which most of the times required a compromised or malicious DApp to successfully exploit them.

In response, we are developing a tool to detect early signs of DApp compromises, currently being tested with MetaMask Snaps. We invite individuals to a session to delve into these security issues, and our research projects.

Coinspect identified vulnerabilities in more than 40 crypto wallets, ranging from minor to critical severity levels and spanning various supported blockchains. Throughout our research, we discovered that multiple wallets can be compromised by attackers through a simple visit to their malicious site. These vulnerabilities allowed silently access to the user's mnemonic phrase or unknowingly forced wallets to sign transactions which could empty the victim's funds, to name a few.

A common pattern among these vulnerabilities is that they share the same attack vector, which is a compromised or malicious DApp. While attackers already profit from taking over DApps, targeting wallet vulnerabilities could further boost their gains. Therefore, we expect adversaries will adopt this combined approach, potentially leading to even greater financial losses.

To deal with this concern, we started an internal research venture to make DApp interactions safer for users. Our approach, focused on early detection of compromised DApp signs, provides wallet users and DApp publishers with a real-time security status. Momentarily, this research-driven tool is in a testing phase using MetaMask Snaps.

Join us for a session where we explore these crucial topics and discover more about our ongoing projects focused on proactive security. We'll also discuss our findings and their implications for crypto asset theft. Plus, we'll look at the main security problems that software wallets deal with and how our internal efforts towards compromised DApps detection can level up web3 security.

Franco Riccobaldi is a computer security consultant with over a decade of professional experience. He has provided consulting services to leading global technology firms and Fortune Global 500 companies. Currently at Coinspect, his primary focus is on researching crypto wallet security.

As a Web3 Security Engineer at Coinspect, I've uncovered and reported multiple vulnerabilities to over 40 wallets in 2023. Previously, I worked as a security researcher and consultant, driven by a passion for meaningful security research.