The company behind Ever Surf, a wallet for the Everscale blockchain ecosystem, is shuttering its web version after a vulnerability was found by Check Point researchers. The Ever Surf team confirmed that the vulnerability allowed attackers to gain access to wallets.
Ever Surf is a cross-platform messenger, blockchain browser, and crypto wallet for the Everscale blockchain network available on Google Play and Apple iOS Store.
It currently has nearly 670,000 users around the world and said it has facilitated at least 31.6 million transactions.
The Ever Surf team released a blog explaining the issue on Friday, writing that security researchers with Check Point discovered the vulnerability and worked with them to resolve it.
Check Point published its own report detailing the issue on Monday, writing that the vulnerability allowed attackers to “easily” decrypt the private keys and seed phrases that are stored in a browser’s local storage, giving attackers full control of a victim’s wallets.
Check Point’s report said the decryption only took a few minutes and could be done with consumer-grade hardware.
Everscale noted that the web version of Ever Surf was “an experimental solution” that was helpful in the initial stages of the platform’s development.
“Unfortunately, now the web version no longer meets our views of fast and secure applications. We planned to increase the security level of Surf and launch a desktop version in the first quarter. As soon as we finish with a SURF token release, developing the token swap exchange, adding a new payment provider and integrating gift cards,” the company explained.
“But when we received an email from the Check Point Research team, we understood there is no time to lose. Check Point Research conducted their own independent research about the security status of the Surf web version and found out its weakness. We followed this report, checked everything and ensured that the vulnerability exists. Our…
