Developers of crypto wallet ZenGo have warned of a security weakness in transaction simulation solutions used by popular decentralized applications (dApps) that allows malicious dApps to steal user assets based on opaque transaction approvals offered to and approved by the users.
The name of the attack method, Red Pill, comes from the iconic “red pill” scene from The Matrix movie series.
“If malware is able to detect it's actually being executed in a simulated environment (“living in the matrix”) it can behave in a benign manner thus deceiving the anti-malware solution, and reveal its true malicious nature only when actually executed in a real environment,” ZenGo explains.
The ZenGo team says it found six cryptocurrency wallet providers vulnerable to Red Pill attacks, including Coinbase, Rabby Wallet, Pocket Universe, Fire, and Blowfish. All affected vendors have released fixes to address the issue.
“Transaction Simulation, inspired by anti-malware sandbox security solutions, can be a highly useful tool in defenders’ toolbox, providing much-required visibility into opaque Web3 transactions. However, when not implemented securely, transaction simulation may backfire and actually help attackers defraud users out of their assets,” the researchers pointed out.