Solflare Crypto Wallet Vulnerability - "xpass exploit"
-
During a recent audit of the
Solflare Crypto Wallet v1.74.2browser extension, I came across a major vulnerability that allows the encrypted seed phrase and private keys to be recovered -- without requiring the wallet password to decrypt them. This "xpass exploit" seems to only affect newer Solflare wallets, with version1.74.2 February 7, 2025being the latest at the time of this writing.This means a Solflare wallet and all of its crypto can be instantly compromised if an attacker gains access to the user's PC -- whether physical, or via malicious software.
If you use Solflare, I would highly recommend you immediately transfer all your crypto to a trusted wallet since
your crypto is not safe in Solflare.I have contacted Solflare via chat (Feb 12, 2025) and email (Feb 15, 2025) to make them aware of this vulnerability and will give them time to release a patch before I publicly release a full writeup.
Timeline of reporting:
2025-02-12 @15:36 (CST)
Chat transcript snippet with Solflare Tech Support:
(transcript is in Solflare's time zone of CET)
2025-02-15 @17:29:50 (CST)
Email sent to Solflare (vulnerability info redacted):
Stay tuned. The writeup will be posted on my GitHub:
https://github.com/cyclone-github/solflare_pwnSolflare Chrome Browser Extension:
https://chromewebstore.google.com/detail/solflare-wallet/bhhhlbepdkbapadjdnnojkbgioiodbicSolflare Website:
https://solflare.comThis post is solely meant to inform the crypto community of the vulnerability in this crypto wallet. Hopefully, Solflare will promptly patch this vulnerability.
-
Will you post the code how to do this?
-
Nice work cyclone
incredible and hugely worrying that a crypto wallet provider can be so incompetent. Bad enough Atomic Wallet was using a fast hashing algo (MD5) for the IV and Key values for the AES encryption, but this is a complete failure.5x RTX 2080 Ti | 11x ZTEX v1.15y FPGA (bcrypt) | Cracker | Developer
-
Nice work cyclone
incredible and hugely worrying that a crypto wallet provider can be so incompetent. Bad enough Atomic Wallet was using a fast hashing algo (MD5) for the IV and Key values for the AES encryption, but this is a complete failure.@blandy The developers of the atomic wallet are scammers themselves. There have been waves of funds disappearing from users more than once. I also have a friend who kept funds here, he kept the seed phrase only on paper and he had a generated password. The funds disappeared at the same time, as with many AW users. I heard that all this was allegedly done by Lazarus, but during the community research it turned out that this is not the first case in the history of the wallet, which the developers kept silent about.
-
Yes, I remember their system seeming being owned, although they denied this. Too many high value wallets were compromised, likely by themselves I'd suspect. Users need to remember that they are putting a lot of trust into the owners of these software wallets.
-
This vulnerability, as I understand, is directly related to the wallet files, and not to the algorithm?
@blandy Thanks! Hopefully Solflare users will transfer their crypto to a secure wallet before a threat actor exploits this in the wild.
@oe3p32wedw That is correct. The encryption function Solflare used is similar to Phantom, which is secretbox with pbkdf2-sha256 KDF. To clarify, the encryption function is secure, but the vulnerability is what Solflare did after the encryption function. -
Cyclone, this very much annoys me. How could you do this? I found this vulnerability and I had ALREADY reported it.
-
This post is deleted!
-
I independently found the vulnerability while reverse engineering the encryption function, wrote the solflare_pwn toolkit, and reported the vulnerability on Feb 12 to Solflare with a followup email on Feb 15. All of this with timestamps is disclosed on my post above.
This is the 2nd time rickyc2024 has publicly taken credit for my solflare_pwn toolkit and my work on this project. To once again clarify, he has nothing to do with solflare_pwn or me discovering the vulnerability.
@rickyc2024 has been
banned.# EDIT 2025/02/21
I've also banned his dup accounts below since running multiple accounts on the forum is not allowed.General Forum Rules: https://forum.hashpwn.net/post/11
@rickyc2024banned
@rickyig2025banned
@donotbanbanned
@youremailbanned
@jdjwjdiwbannedSysadmin by day | Hacker by night | Go Developer | hashpwn site owner
3x RTX 4090 -
