HomeEthereumSecurity Alert – Smart Contract Wallets created in frontier are vulnerable to...
Security Alert – Smart Contract Wallets created in frontier are vulnerable to phishing attacks
Ethereum

Security Alert – Smart Contract Wallets created in frontier are vulnerable to phishing attacks

crypto4unews
By crypto4unews

-

212
0


Affected configurations: All smart contract wallets created using Ethereum Wallet  Frontier, version 0.4.0 (Beta 7) or earlier. Wallets created with Ethereum Wallet 0.5.0 and all later versions released after March 3, 2016, are not affected.

Likelihood: Low

Severity: High

Summary:

Do not use wallet contracts or owner accounts of those wallets that were created by the Ethereum Wallet 0.4.0 or earlier. If you send to (or interact with) a malicious contract it could take ownership of your wallet contract. Create a new wallet and move your funds.

How to be super safe??

Don’t use the vulnerable wallet contracts, AND the owner accounts of these wallets to send ether and interact with contracts you don’t know!
If you don’t use these accounts and wallets, and upgrade your wallet as described here, you are safe!

Details:

An attack vector was discovered that affects the smart contract wallets created before the Homestead release (Frontier phase). The attack can happen if an affected wallet interacts with a malicious contract OR if the owner account of an affected wallet interacts with a malicious contract that knows the address of his wallet. An attacker can then impersonate the owner and thus can steal funds or tokens and change the owner of the wallet.

If you do not use your wallet and owner accounts with contracts you don’t know, you are safe!

Receiving Ether and sending Ether to non-contract accounts is fine.

Also if you configured your wallet with multisig, you are safer, as the attacker would need to make you send with all owners to malicious contract(s).

 

Proposed solution:

We recommend that if you created a wallet using the affected versions, you take one of these steps:

  • Create a new wallet with the latest version of Ethereum Wallet (any version from 0.5.0 or newer) and move your funds there. You can follow these steps.
  • Until you do the above, do not use any account which is an owner of an affected wallet, or the affected wallet itself to interact with closed source or otherwise unknown contracts that might trigger arbitrary actions (including forwarding Ether). Send/interact only to addresses you own, or know!
  • Create a secondary account for your every day usage. This one should not be connected to your contract wallets

 

We created a new Ethereum Wallet release 0.7.6, which will detect your vulnerable wallets.

Download the latest release and follow the steps described in the release notes to update your vulnerable wallets!

https://github.com/ethereum/mist/releases/tag/0.7.6



Source link

Previous article
DAO Wars: Your voice on the soft-fork dilemma
Next article
Ethereum vs Bitcoin Comparison: Understanding Their Differences & Unique Strengths
crypto4unews
crypto4unewshttps://crypto4unews.com

LEAVE A REPLY

Please enter your comment!
Please enter your name here

LATEST POSTS

Ethereum

Partial history expiry announcement | Ethereum Foundation Blog

As of today, all Ethereum execution clients support partial history expiry in accordance with EIP-4444. While work on full, rolling history expiry is ongoing,...
Bitcoin

PumpFun Token Sale on July 12-15 as Gate.io Deletes Page

Key TakeawaysThe PumpFun token sale rumor generates social volume despite no official statement from its X account. Gate.io deletes its PumpFun token sale from its...
Blockchain

G2 Summer 2025 Reports: 101 Blockchains Earned Record-Breaking 34 Badges

G2 has just released its highly anticipated summer 2025 reports, and we have struck gold once again. 101 Blockchains earned 34 badges in the...
Bitcoin

Yupp Airdrop Guide | How To Join?

Key TakeawaysYupp is a consumer AI model discovery and evaluation platform that lets users explore and compare the latest AI models for free.The platform...
Load more

Most Popular

Subscribe to our newsletter!

The information provided on Crypto4Unews.com is for informational purposes only and should not be considered financial advice. Cryptocurrency investments carry risks, and it is crucial to conduct your own research and consult with a financial advisor before making any investment decisions. We strive to deliver accurate and up-to-date information, but we cannot guarantee the reliability or completeness of the content. Crypto4Unews.com is not responsible for any losses or damages arising from the use of our site or reliance on its information. Always invest responsibly and be aware of market volatility.

Latest articles

Popular Categories

© Copyright - 2024 crypto4unews.com. All rights reserved.