Everscale funds in the hands of cybercriminals

April 29, 2022

Recently, investigations identified a security vulnerability in Everscale's blockchain portfolio. Had this breach been exploited, cybercriminals would have gained full control of the victim's wallet and funds. The vulnerability has been discovered in the web version of the Everscale wallet, known as Ever Surf. Available on the Google Play Store and the Apple App Store, Ever Surf is a cross-platform messaging service, blockchain browser, and cryptocurrency wallet based on blockchain technology. Everscale has completed 31.6 million transactions and has more than 669,000 accounts worldwide.

Responsible disclosure and collaboration with Everscale

The vulnerability to the developers of Ever Surf has been disclosed at the moment. The web version has been declared obsolete and should only be used for development purposes. Account formulas that store real value in crypto should not be used in the web version of Ever Surf.

Attack methodology

By exploiting the vulnerability, it was possible for a cybercriminal to decrypt the private keys and startup keys stored in the browser's local memory. Its potential attack methodology is summarized as follows:

  1. Getting the encrypted keys from the wallet: Attackers typically use malicious browser extensions, infostealer malware, or just plain phishing to get the keys.
  2. Decrypt them by running a simple script: With the help of the discovered vulnerability, decryption takes only a couple of minutes on a consumer-grade computer.
  3. Steal funds from the wallet.

Cyber security tips

If someone steals the passwords of a wallet, the cryptocurrency funds can become easy prey for cybercriminals, and no one can do anything to get the money back. To prevent key theft, we recommend:

  1. Do not follow suspicious links, especially if they are received from strangers.
  2. Keep your operating system and antivirus updated.
  3. Do not download programs and browser extensions from unverified sources.

Our services can do the best to keep your cryptocurrencies on track without getting worried if hackers will chase after them.


  • Dominguez, M.L. (2022). Un fallo de seguridad en el monedero de Everscale podría haber permitido a los ciberdelincuentes controlar sus fondos. Retrieved April 26th, 2022, from: https://cybersecuritynews.es/un-fallo-de-seguridad-en-el-monedero-de-everscale-podria-haber-permitido-a-los-ciberdelincuentes-controlar-sus-fondos/

Authored by

Jorge Daniel Tejeda