TechFlow news, May 8 — The "Web3 Security Initiative" launched by BitsLab discovered a critical vulnerability in the customer support system of a well-known wallet client and assisted in its remediation. This vulnerability allowed attackers to traverse users' historical chat records by replacing session IDs and impersonate official support agents to send arbitrary messages to any user, potentially leading to leaks of sensitive information such as wallet details and email accounts, and enabling malicious actors to conduct phishing attacks targeting users' private keys.
After receiving this vulnerability report through the "Web3 Security Initiative," the BitsLab team conducted a comprehensive technical analysis, identified the root cause and attack methodology, and proposed precise countermeasures. These helped the wallet client effectively mitigate the risks of data leakage and phishing attacks, significantly enhancing its privacy and security. The discovery of this critical flaw in a prominent wallet, and the assistance in fixing it, underscore the ongoing contributions of the BitsLab team and the "Web3 Security Initiative" to global blockchain asset security.




