How I extracted my Metamask seed phrase in seconds.

Dana || flur.ai dev, co-creator & CTO
Coinmonks
11 min read · Dec 1, 2022


And steps you should take to stop an attacker using the method to exploit you.

Photo credits Dana / MidJourney

The “old” saying in crypto is “not your keys, not your wallet”, and after the catastrophic fallout from FTX stealing users’ funds, many users of centralised exchanges, understandably, started to worry and move their funds to their own wallets.

A wise move.

…but it got me thinking.

How safe are my funds now I’ve moved them from my CEX wallet (a wallet that I don’t know the private keys for) to my Metamask wallet?
Taking into account how technically impossible it is to crack a private key or seed phrase for a unique user with consumer or commercial hardware - the answer, I found, is not very safe at all under certain conditions.

Credits Dana / midjourney

A little bit about me…

I’m Dana. Co-creator, CTO and lead developer for flur.ai.

I got into computers from a very early age, started developing apps before I was a teenager and had a full blown passion for full-stack engineering with a splash of cyber-security by the time I was 16.

(I’m going somewhere with all of this, I promise)
Earlier this week, I was able to write the 120 lines of Python you’re about to see - and turn it into something that could ruin someone’s life.
SBF already ruined me by stealing all of my savings a few weeks ago, so I know how heartbreaking it is.
I’d much rather pass my findings on to you guys so that your lives are a little bit harder for a hacker to ruin.

But first:

If you’re tech savvy, use a password manager, don’t use autofill (especially for your password manager), have a completely unique password for your Metamask wallet — you’re already protected and this article isn’t for you. Keep slaying, queen.
That being said, an attacker could still grab your hash and attack it with a GPU locally if you’re a Metamask user who falls prey to an attacker.

And that includes upper/lowercase, numbers and symbols. Source — tomshardware.com

Do you use AutoFill?

You know: that super handy feature on every browser?
The one that saves all of your email addresses, passwords, credit card info for the sites you frequently use etc?
I used to until the other day when I discovered how insanely easy it was to extract that information and send it to an attacker.

Relax, don’t do it.

Remember those 120 lines of code I was talking about?

I could send those usernames, passwords and the websites they were from to my c2 server and then to myself in plain text with 30 lines of that code — and for literally every site I’d ever used the feature on.
I was pretty shocked to see the credentials for every one of those sites listed right in front of my eyes in plain text.

Remember when I said this particular attack only works under certain conditions?

That was one of them… so rule number one if you want to keep your crypto safe is to trade convenience for security and NEVER use autofill… Like…ever. Wipe that shit from your computer before you continue reading this article.

Rule number two would be to NEVER use a password you have previously saved using autofill as your Metamask password. This is a huge no-no.
While it may be very convenient for you to use the same password for everything: it will come back to bite you in the arse one day.
I’ll explain why below.

But first…

Here’s the attack in action -

(don’t bother using this seed by the way. I don’t have any money in there)

I won’t share this code publicly for the sole reason that some script kiddie could just use it to attack an innocent user.
Much like the first girl I ever slept with — you’re only getting the tip… and the payload.
I’ve explained the method to attack in here and I’m terrible at writing code, so it’s easy to replicate… but grabbing this highly sensitive info is, amazingly, actually a feature of Metamask.

My intentions here are to show you how to protect yourself so no one can use this method of attack against you.

That’s me under there, m’lady. Credits Dana / MidJourney

The “problem” with Metamask…

Is similar to the problem with grabbing the browser’s autofill credentials… The sensitive information is always located in the same place on everyone’s, otherwise, unique computers. This makes it as easy to grab on my computer as it does on yours, be it Windows, Mac or Linux.

For the second stage of the attack: I grabbed my Metamask hash.
The file that contains the meat and potatoes of my crypto wallet.
In order to extract the seed phrase from this encrypted, seemingly random, string of numbers and letters: it needs to be decrypted with… you guessed it -
The password you set for your Metamask wallet.
The same one you log into your wallet with when you start your computer.

Metamask allows you to find this hash relatively easily for completely benign, legit, and admittedly handy measures (but only handy if you’re an idiot), like if your browser was corrupt and you weren’t able to open, let’s say, Chrome browser on your computer any more.
If you didn’t save your seed phrase or private key (which should be rule 1, but I guess it’s gonna be rule number 3) then this file, that’s tucked away in your chrome/firefox/brave extension config files, could be the key to saving your bacon and allow you to retrieve your precious shitcoins. The same shitcoins you’re probably still holding that your favourite influencer pumped and dumped last year.
You can read more about this absolutely dumb feature here.
By having this option publicly available, it reduces the security of everyone that bothered to save their keys and seeds safely and securely.

I personally think this option is a huge mistake by the Metamask powers that be/devs.
Keeping your seed phrase secure, keeping track of your private keys and applying the most basic fundamentals of crypto security should just be forced down people’s throats and would stop the need for them to code this feature in at all.

If you’d have done the above and your browser got corrupted?
…you’d do what any normal person would do.
Re-install your browser, re-download the Metamask extension and import the private key or seed phrase you were told to guard with your life by literally everyone in crypto.

I’ve not found this issue with other browser based wallets like Brave wallet yet, but the problem’s that Metamask seems to be the gold standard for web3 DeFi so it’s a high value target due to its popularity.
Most other options like brave wallet aren’t supported when you go to a web3 site and attempt to connect your wallet.

Back to the attack…

(I should also state that part of the code strips away the fat: like the usernames, sites they’re for and only saves the passwords from the autofill in a nice, formatted list in a random directory on the victim computer for using to specifically attack Metamask later)
So now I’ve grabbed the credentials and I have the hash — it’s time to run stage three of the attack. The final stage.

By importing a 3rd party BTC wallet decrypter from Github that has metamask decryption capabilities, I simply ran my password list of stolen autofill creds against the json I snarfed from the extension directory.

Here’s what I was presented with…

If you ever see money in this account — someone’s probably going to try and dust attack you because I didn’t put any crypto in there.

My seed phrase. Right there in the open on my console logs — primed and ready to be uploaded to my c2 server.

So… what can you do to avoid this type of attack?

The first thing…

Don’t trust people.

I would suggest always being wary of other humans.
These attacks don’t happen by chance: they occur because some malicious entity wants them to occur and they’ve singled you out and picked you as their target.
Don’t click dodgy links, don’t download sketchy PDFs, don’t download .exe, .dmg or .apk files that aren’t signed. Don’t be duped by fake community admins asking you to go to those dodgy sites (always check in the groups if you’re approached by an admin to check their legitimacy) and more recently…

Don’t let the hot girl/guy at the coffee shop charge their phone from your laptop, no matter how desperate they may appear to be.

These days you can pwn a laptop with an innocuous looking phone charger and a one liner Powershell script that executes complex commands faster than it takes you to look at your coffee and stir in your milk or sugar.
Trust me, I own one of those cables, they’re fast.

The USB end of this cable acts as a keyboard to remotely inject keystrokes on whatever you plug it into, be it a phone, Windows machine, Mac or Linux box. It contains a WiFi card that creates a hotspot with a 2km range, and has a full browser interface, scriptable websocket, space for 8 payloads, a keylogger, geofencing capabilities and self-destruct capabilities.

https://www.youtube.com/watch?v=Y1xzkHOWFkA

If you’re that desperate to talk to a member of the opposite sex, download Tinder, go on Omegle or carry a selection of wall powered phone chargers with you. You could even buy an O.MG cable detector from hak5 in case this rare situation happens to you ;)

This attack would be classed as part of a multi-staged attack: the first part of that attack being the attacker obtaining a reverse shell with admin rights on your computer. That could be done by any number of methods and usually delivered by the social engineering attacks I listed above, so keep in mind that that’s how those people initially gain access.

The second thing…

Don’t use autofill. Ever.

Trade convenience for security, especially if you’re holding your savings on that machine.
It is scary how easy it is to grab every single one of your passwords and email addresses because they’re saved in your local storage. They’re also insanely easy to decrypt. I’m talking milliseconds from garbled, jumbled text to clean, crisp plain-text.

The third thing…

Be unique.

For the love of God… mix your bloody passwords up.
Don’t think that because you have a nice secure password with 30 characters, upper/lowercase, numbers and symbols automatically means you’re safe.
If you use that password on every site - you only need to mess up once.
As the IRA famously said to Margaret Thatcher:

“We only need to be lucky once. You need to be lucky all the time”

Once the website you use it on has been compromised, or you were the victim of a phishing attack… congratulations, your user info is on some darknet marketplace or in an attacker’s hands to run against your socials, emails, bank or phone provider.
If having a separate and secure password for every web app is inconvenient for you — you’re gonna love the fourth thing.
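
A self-audit for rule two and the third thing above, added here as an example and not the author's code: it reads a password export from your own browser and reports which sites share a password and whether your wallet password is among the saved ones, without ever printing a password. The CSV column layout (name,url,username,password) and every sample row are assumptions constructed for the example.

```python
import csv
import hmac
import io
from collections import defaultdict

# Constructed sample in the column layout assumed for a browser password
# export (name,url,username,password). All values are made up.
SAMPLE_EXPORT = """name,url,username,password
shop.example,https://shop.example/login,dana@example.com,Tr0ub4dor&3
forum.example,https://forum.example/,dana,Tr0ub4dor&3
bank.example,https://bank.example/,dana@example.com,ig)Zu?j4gJf1pk96Z+M)
mail.example,https://mail.example/,dana,correct-horse-battery
"""

def load_saved(export_text):
    """Return (site, password) pairs from the export, skipping empty passwords."""
    rows = csv.DictReader(io.StringIO(export_text))
    return [(r["url"], r["password"]) for r in rows if r.get("password")]

def reused_groups(saved):
    """Group sites that share one password; the password itself is never returned."""
    by_pw = defaultdict(set)
    for site, pw in saved:
        by_pw[pw].add(site)
    return sorted(sorted(sites) for sites in by_pw.values() if len(sites) > 1)

def wallet_password_exposed(wallet_pw, saved):
    """Sites whose saved password equals the wallet password (rule two violated)."""
    w = wallet_pw.encode()
    return sorted({s for s, pw in saved if hmac.compare_digest(pw.encode(), w)})

def audit(export_text, wallet_pw):
    """Run both checks and return site names only."""
    saved = load_saved(export_text)
    return {"reused": reused_groups(saved),
            "wallet_matches": wallet_password_exposed(wallet_pw, saved)}

if __name__ == "__main__":
    import getpass
    # Read the wallet password without echoing it; nothing is written to disk.
    report = audit(SAMPLE_EXPORT, getpass.getpass("Wallet password: "))
    for group in report["reused"]:
        print("same password on:", ", ".join(group))
    if report["wallet_matches"]:
        print("wallet password is also saved for:", ", ".join(report["wallet_matches"]))
```

The export file holds every password in plain text, so delete it as soon as the audit has run.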

The fourth thing…

Use a password manager.

They’re cheap, they’re effective, they’re secure, they’re convenient, they’re just what you need to stay protected.
I picked mine up from Keeper. It costs me roughly $30 per year and it’s been an absolute lifesaver.
Not only did I used to forget my logins for certain sites all the time and forever had to use the “forgot password” feature — I also just simply used to forget which sites I’d used or created an account for for certain projects.
By using Keeper, I found that having all of that information in a nice collated list with folders for each of my projects or needs (banks, socials, websites I control etc) was an absolute game changer for my productivity, let alone my security.

bUt HaViNg AlL yOuR pAsSwOrDs In OnE pLaCe Is InSeCuRe

No. No it isn’t.
2fa, self destruct mode, offline access only options, auto-logouts and security key functionality call bullshit on that chain of thought.
If an attacker managed to install a keylogger on you: it’s already game over by that point. This exists to protect you before that situation occurs.
Even if you were unlucky enough to be a victim to the keylogger — there’s still hope for you.

The fifth thing…

Mix it up.

Even if you’re using your fancy new password manager and someone manages to pwn your machine and gain access to it… just make it harder for them.
There’s nothing stopping you adding other unique stuff that’s only stored in your brain to the beginning, end, three characters in, or wherever to the randomly generated password it creates.
For example, let’s say that my password manager generated this password;

ig)Zu?j4gJf1pk96Z+M)

huh huh… sextillion

Pretty secure, right?
Extremely hard to crack…
But useless if someone had amazingly gained access to your password manager. There’s nothing stopping them from copying this password and using it against you.
How do we solve that? The same way we always do… make them sweat for it.
If I knew this password was for Google, I could keep the
ig)Zu?j4gJf1pk96Z+M) part of the password in my password manager, but simply keep extra stuff in my head and add those unique characters in when I go to paste it into, let’s say, Google — like this:

I’ve added “Goo” to the beginning and “Gle” to the end

ig)Zu?j4gJf1pk96Z+M)

Vs

Gooig)Zu?j4gJf1pk96Z+M)Gle

Of course, don’t actually use this exact method — mix it up to your own personal taste.
Even if there’s a keylogger installed on your computer, it’s doubtful that it’s sophisticated enough to know where you’re writing the additional stuff in the password string if you’re clicking the gaps with your mouse. Keyloggers are, however, able to see how many times you’ve pressed your arrow keys.
(I wouldn’t recommend the show password feature in case they’re taking screenshots too)

Summary:

I hope that this article has made you wise to one of the ways I’ve found to gain access to your precious seed phrase.
If you enjoyed it, please don’t hesitate to give me a follow, or if you’re a fellow cryptonaught like me — you should join us over at Flur.

I look forward to seeing you in our community.

Love from Dana @ https://flur.ai
