SeaFlower Backdoor Exposed: Stealthy Attacks on Web3 Wallets Stealing Seed Phrases

A dangerous new threat called SeaFlower is hitting users of popular Web3 wallets. This campaign tries to steal your seed phrases, the secret keys to your crypto funds. Started in early 2022, it shows how risky it is to use Web3 wallets without strong safety steps.

Attackers hide bad code inside real-looking wallet apps. Your wallet works fine on the surface, but in the background, it sends your seed phrase to hackers. This makes SeaFlower Backdoor one of the sneakiest attacks on crypto users today.

What Makes the Campaign So Dangerous?

The SeaFlower backdoor campaign stands out for its sophistication. It is stealthier than many past attacks, and experts say it comes close to major groups like Lazarus in skill level.

Researchers found clues pointing to a Chinese-speaking team. They saw macOS user names, IP addresses from China, and signing tools used in the attack. But pinning it on one group is hard.

The name SeaFlower comes from Chinese words and a user name tied to a Chinese writer. This threat has been active for years, targeting fans of decentralized finance (DeFi) and NFTs.

How SeaFlower Targets Web3 Wallets

SeaFlower goes after top wallets like MetaMask, Coinbase Wallet, TokenPocket, and imToken. Attackers change these apps by adding hidden backdoor code.

Here’s how it works step by step:

  • Install the fake app: You download what looks like the real wallet.
  • Set up your wallet: Everything looks normal. The app opens, connects to the blockchain, and lets you add funds.
  • Enter seed phrase: When you type or import your 12-24 word seed, the backdoor wakes up.
  • Steal data: It sends your seed phrase over a hidden, encrypted link to the hackers’ server.

The backdoored app uses tricks like the startupload() function in the backdoored iOS version of MetaMask. This code grabs the seed from storage and uploads it quietly. In other cases, the attackers tweak tools like MonkeyDev to inject the malicious code.

There are no pop-ups and no slowdowns. Network inspection shows the app talking to odd domains, but most users miss this.

Tricky Ways SeaFlower Spreads to Victims

To get the bad apps out, SeaFlower makes fake websites that copy real download pages. These sites rank high on Chinese search engines like Baidu.

A quick search for “MetaMask download” might lead you to a clone site. Click download, and you get the backdoored app. It’s aimed at users in Asia but can hit anyone worldwide.

These fake sites use real logos, the same layout, and even fake reviews. This mix of phishing and malware makes the SeaFlower backdoor extra hard to spot.

Why Web3 Wallets Are Easy Targets for SeaFlower

Web3 wallets hold big power. Your seed phrase controls all your crypto, NFTs, and DeFi positions. Lose it, and hackers drain your wallet in minutes.

Unlike bank apps, wallets run on your phone or computer. Bad apps can read local files easily. Plus, crypto users often chase new apps or sideload for features, opening doors to risks.

SeaFlower exploits this trust. Users think they’re safe with popular names like MetaMask. But one wrong download, and it’s game over.

Real-World Impact of Seed Phrase Theft

Stolen seeds mean total loss. No bank recovery here. We’ve seen millions lost in similar attacks. SeaFlower adds to the tally, with unknown victim numbers since it’s so hidden.

Experts from firms like Confiant warn: even if the backdoor stays hidden, seed theft is a real danger. Funds go to mixers, then vanish.

Top Tips to Protect Your Web3 Wallet from SeaFlower and Similar Threats

Don’t panic, but act now. Here are simple steps to stay safe:

  1. Download only from official stores: App Store, Google Play, or wallet sites like metamask.io. Skip sideloading.
  2. Check URLs: Look for https:// and exact domain. Avoid typos like metarnask.com.
  3. Use hardware wallets: Ledger or Trezor keep seeds offline. Link to software wallets safely.
  4. Verify app hashes: Official sites share checksums. Match your download.
  5. Watch network traffic: Tools like Wireshark spot odd connections.
  6. Enable 2FA and passkeys: Where possible, add extra layers.
  7. Never share seeds: Real wallets never ask for them.
  8. Update apps: Patches fix old holes.
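
The URL check from tip 2 can be automated. The sketch below is an added example, not code from the article or from any wallet vendor: it classifies a download URL against an allowlist of official domains and flags look-alikes such as metarnask.com. The allowlist contents, the look-alike table, and the naive "last two labels" domain rule are assumptions of this example.

```python
from urllib.parse import urlsplit

# Assumption: allowlist of official download domains; metamask.io is the one the article names.
OFFICIAL = {"metamask.io", "coinbase.com"}
# Assumption: small table of look-alike sequences folded before comparing names.
FOLDS = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))


def skeleton(label):
    """Fold look-alike sequences so 'metarnask' and 'metamask' compare equal."""
    for fake, real in FOLDS:
        label = label.replace(fake, real)
    return label


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url):
    """Return 'official', 'insecure', 'lookalike' or 'unknown' for a download URL."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    labels = host.split(".")
    # Simplification: registrable domain = last two labels (no public suffix list).
    if ".".join(labels[-2:]) in OFFICIAL:
        return "official" if parts.scheme == "https" else "insecure"
    for good in OFFICIAL:
        if host.startswith(good + ".") or "." + good + "." in host:
            return "lookalike"      # official name used as a subdomain of another site
        brand = skeleton(good.split(".")[0])
        for label in labels[:-1]:
            folded = skeleton(label)
            if brand in folded or edit_distance(folded, brand) <= 1:
                return "lookalike"  # brand embedded, folded match, or one-character typo
    return "unknown"


if __name__ == "__main__":
    # Constructed sample URLs; metarnask.com is the typo domain quoted in the article.
    for u in ("https://metamask.io/download/", "http://metamask.io/download/",
              "https://metarnask.com/download", "https://metamask.io.get-wallet.example/"):
        print(f"{classify(u):10} {u}")
```

A result of "unknown" only means the name does not resemble an allowlisted brand; it is not a verdict that the site is safe.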

For devs: Add code checks, watermark apps, and warn on third-party profiles.

The Bigger Picture: Evolving Crypto Cybersecurity

SeaFlower backdoor proves Web3 needs better defenses. As crypto grows, so do smart hackers. Chains like Ethereum see billions daily—prime targets.

Future fixes? Better app signing, AI threat detection, and user education. Wallets could scan for backdoors on install.

Stay ahead: Follow crypto security news, test small amounts first, and use multi-sig for big holdings.

Final Thoughts on the Threat

The SeaFlower Backdoor Campaign reminds us: in Web3, you own your security. One slip with a fake app can cost everything. Check downloads, use official sources, and keep seeds secret.

By knowing how SeaFlower works, you can fight back. Protect your seed phrases today. Your crypto future depends on it.


Published by
Blog Agent
