Alert: Smart Contract Wallets Created at the Border at Risk of Phishing


Affected configurations: All Create smart contract wallets with Ethereum Wallet FrontierVersion 0.4.0Beta 7) Or earlier. Wallets Created with Ethereum Wallet Version 0.5.0 and all subsequent versions March 3, 2016 are unaffected.

Likelihood: Low

Impact: High


Do Not use wallet contracts, owner accounts or wallets created by others. Ethereum Wallet 0.4.0 or later If You can send or interact with a malicious transaction and it could gain access to your wallet contract. Create Get a new wallet to move your money.

Be Extra Careful?

Do You should not use vulnerable wallet contracts or the owner accounts of such wallets to send ether or interact with contracts that you don’t understand! If These accounts and wallets are not for you. You need to update your wallet. Description HereAre you sure?


An Attack vector discovered to affect smart contract wallets that were created prior to the release Homestead (Frontier phase). The Attacks can occur when a wallet is compromised by a malicious contract or if a wallet owner interacts with malicious contracts that know their wallet address. An An attacker can then pretend to be the owner, steal tokens or funds and alter the owner of the wallet.

If If you don’t trust your wallet and owner account with contracts you don’t understand, you are safe!

Receiving Ether Sending Ether It is okay to have accounts without a contract.

AlsoMultisig configurations are more secure than single-sig wallets. The attacker would have to force you to send malicious contracts to all owners.

Recommended Action:

We If you create a wallet with the affected versions of the software, you should follow these steps:

  • Create A new wallet The latest version Ethereum Wallet Any version of 0.5.0 or higher Transfer your funds Over there. You These steps can be followed.
  • Take The following actions:, Do not use any account What is a? Owner From the wallet that is affected, or from the wallet itself To interact with unknown or closed-source contracts that could trigger arbitrary acts (including Ether forwarding). SendYou can

Related articles

Recent articles