Popular Web3 apps found to be vulnerable to Red Pill attacks

Developers of the crypto wallet ZenGo have warned of a security weakness in the transaction simulation solutions used by popular decentralized applications (dApps). The weakness allows malicious dApps to steal user assets based on opaque transaction approvals offered to and approved by the users.

The name of the attack method, Red Pill, comes from the iconic “red pill” scene from The Matrix movie series.

“If malware is able to detect it's actually being executed in a simulated environment (“living in the matrix”) it can behave in a benign manner, thus deceiving the anti-malware solution, and reveal its true malicious nature only when actually executed in a real environment,” ZenGo explains.

The ZenGo team says it found six cryptocurrency wallet providers vulnerable to Red Pill attacks, including Coinbase, Rabby Wallet, Pocket Universe, Fire, and Blowfish. All affected vendors have released fixes to address the issue.

“Transaction Simulation, inspired by anti-malware sandbox security solutions, can be a highly useful tool in defenders’ toolbox, providing much-required visibility into opaque Web3 transactions. However, when not implemented securely, transaction simulation may backfire and actually help attackers defraud users out of their assets,” the researchers pointed out.
