22 March 2023

Popular Web3 apps found to be vulnerable to Red Pill attacks


Developers of the crypto wallet ZenGo have warned of a security weakness in transaction simulation solutions used by popular decentralized applications (dApps) that allows malicious dApps to steal user assets based on opaque transaction approvals offered to and approved by the users.

The name of the attack method, Red Pill, comes from the iconic “red pill” scene from The Matrix movie series.

“If malware is able to detect it's actually being executed in a simulated environment (“living in the matrix”) it can behave in a benign manner thus deceiving the anti-malware solution, and reveal its true malicious nature only when actually executed in a real environment,” ZenGo explains.

The ZenGo team says they found six cryptocurrency wallet providers vulnerable to Red Pill attacks, including Coinbase, Rabby Wallet, Pocket Universe, Fire, and Blowfish. All affected vendors have released fixes to address the issue.

“Transaction Simulation, inspired by anti-malware sandbox security solutions, can be a highly useful tool in defenders’ toolbox, providing much-required visibility into opaque Web3 transactions. However, when not implemented securely, transaction simulation may backfire and actually help attackers defraud users out of their assets,” the researchers pointed out.
