Hello everyone! 👋
Neplox Team here. We have launched our website, neplox.security, and are finally ready to introduce ourselves! 👥
❓ Who are we?
We're a group of professional security researchers coming from different backgrounds within the field. Each one of us wields a unique skillset, which makes the Neplox team complete in terms of expertise.
❓ What is our mission?
Our passion for unique technologies drives us to make Web2 / Web3 systems safer. We deeply analyze and perform unique research to ensure the safety of your users and assets.
🌟 Follow us on our journey:
🔗 X: x.com/neploxaudit
🔗 Immunefi: immunefi.com/neploxaudit
🔗 Github: github.com/neploxaudit
🔗 Website: neplox.security
Stay tuned,
Neplox @neploxaudit
Long time no see! 👋
We've got some news to share! This is what our team has been up to during the first month of the new year:
💬 🌐 Launched our Knowledge Base 💬
▶️ 🔗 extensions.neplox.security
Welcome to our knowledge base on the security of Chromium extensions! This site is a compilation of insights and knowledge gathered through extensive experimentation with popular extensions;
💬 🚩 Participated in the Remedy CTF 💬
▶️ Solved 17 [78%] tasks and got 3 [13%] first bloods! Secured our place at the top of the scoreboard of the biggest Web3-focused CTF of all time. Soon you'll see our write-ups on our blog, neplox.security;
💬 📆 Prepared a talk for SECCON 💬
▶️ ‟Attacking Crypto Wallets: an In-Depth Look at Modern Browser Extension Security”
We are happy to announce that our Call-for-Papers application got accepted! See you at the very beginning of March in Tokyo!
Stay tuned,
Neplox @neploxaudit
We've presented our report ‟Attacking Crypto Wallets: an In-Depth Look at Modern Browser Extension Security” at the SECCON Cybersecurity Conference in Tokyo!
Check out our Presentation Slides & Do not forget to have a look at our Knowledge Base on the security of Chromium extensions:
🔗 PDF: blobs.neplox.security (attacking-crypto-wallets.pdf)
1️⃣ Extension Overview
2️⃣ Extension UIs
3️⃣ Extension / Website Interactions
4️⃣ Website / Extension Interactions
5️⃣ Chrome / Extensions
📊 Products: Coinbase, Crypto.com, Zerion, Uniswap, ...
🔍 CVE: CVE-2024-10229, CVE-2024-11110
Thank you,
▪️ SECCON, for the warm welcome and the "Best Presentation Award"
▪️ Metamask, for your care for security & for your visit
▪️ Coinbase, Zerion, ... Security Teams, for the quick remediation & cooperation
▪️ Chrome Project Security Team, for the quick remediation & cooperation
▪️ Neplox Team members, for your efforts
Stay tuned,
Neplox @neploxaudit
*️⃣ SECCON @ Tokyo, Japan / March '25
*️⃣ Zer0con @ Seoul, Korea / April '25
*️⃣ PHDays @ Moscow, Russia / May '25
Thankfully, participating in PHDays provided us with a recording of our talk. For your convenience, it is translated to English and uploaded to our resources:
🔗 [1080p] [480p]
We are grateful for the opportunity to share our knowledge with the community. Thanks for having us!
Stay tuned,
Neplox @neploxaudit
Received: +100 TON
💬 The enchanted gateway before you hums with blockchain energy. As you enter, a DApp oracle appears.
— “Adventurer,” it cries, “fortune favors you! A treasure of 100 TON lies but a click away.”
A spectral interface shimmers into view, proclaiming: “Winner of the Airdrop Trials!”. An ancient script pulses with power, requesting a bond with your Wallet. Do you accept the blessing?
The interface crackles with etheric runes, awaiting your decision. Do you dare to approve the transaction and claim your prize?
💬
We've laid our hands on a few TON Crypto Drainers designed specifically to steal native coins, NFTs and Jettons, including: X-TonDrainer, Julia Drainer and TOD / The Open Drainer;
Analyzed their source code, classified them with Levels and discovered what features of legitimate products they exploit in order to appear less suspicious. All of the results are now documented in our latest article ‟Down the Drain: Unpacking TON of Crypto Drainers”.
0️⃣ Level 0: Redirection, Verification Problem, Origin Forgery, Telegram Bots
1️⃣ Level 1.0: TON, NFT, Jetton, Altered Libs
1️⃣ Level 1.1: UI Redressing, Custom Wallets, Wallet Impersonation
1️⃣ Level 1.2: Forcing Actions, Events Tracking
2️⃣ Level 2: Local Storage, TON Connect Components, TON Connect Bridge MitM
📊 Products: TON Connect, Tonkeeper, MyTonWallet, TON Wallet, Telegram Wallet, XTON Wallet, ...
Stay tuned,
Neplox @neploxaudit
📌 Previously, we covered features of TON Connect that drainers tend to abuse in order to appear less suspicious in our research article ‟Down the Drain: Unpacking TON of Crypto Drainers”, including:
▪️ dApp Impersonation
▪️ UI Redressing
▪️ Custom Wallets & Wallets Impersonation
▪️ Events Tracking
▪️ Storage Tampering
Our team has looked into it a bit more and found out that exploitation of TON Connect features not only leads to misleading behavior on the dApp's part, but also affects the way some wallets perceive those dApps, or even triggers vulnerabilities present in those wallets due to incorrect parsing implementations!
That is why we've published our new research article ‟TON't Connect! NOTe on securing TON Wallets”, which reveals a bit more information on attack vectors & actual vulnerabilities we've already reported to wallets of the TON network.
1⃣ Wallet Impersonation ⏩ extra phishing vector with the use of in-built features;
2⃣ dApp Impersonation ⏩ main phishing vector via ton-connect manifests;
3️⃣ Redirects from trusted context ⏩ from wallets ➡️ to resources controlled by attackers;
4️⃣ UI Redressing ⏩ Clickjacking of wallets UI via malicious manifests;
5️⃣ XSS ⏩ Data leak / Loss of funds within the context of wallets via malicious manifests;
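As an added illustration of the wallet-side checks that counter dApp impersonation and markup smuggled through manifests (example code written for this post, not Neplox's code or any wallet's implementation), the snippet below validates a ton-connect manifest before a connection prompt is shown. It assumes the documented tonconnect-manifest.json shape (url, name, iconUrl) and that the wallet knows the URL it actually fetched the manifest from; all sample manifests are constructed.

```javascript
// Sanity checks a wallet could apply to a ton-connect manifest (added example).
// Assumption: manifest is the documented tonconnect-manifest.json shape
// (url, name, iconUrl, optional termsOfUseUrl / privacyPolicyUrl).
function checkManifest(manifestUrl, manifestText) {
  const problems = [];
  let m;
  try {
    m = JSON.parse(manifestText);
  } catch (e) {
    return ['manifest is not valid JSON'];
  }
  for (const key of ['url', 'name', 'iconUrl']) {
    if (typeof m[key] !== 'string' || m[key].length === 0) {
      problems.push(`missing or non-string field: ${key}`);
    }
  }
  if (problems.length) return problems;

  // dApp impersonation: the manifest claims an origin that differs from the
  // origin it was actually served from. Compare parsed origins, not strings.
  const served = new URL(manifestUrl);
  let claimed;
  try {
    claimed = new URL(m.url);
  } catch (e) {
    return ['url field is not a valid URL'];
  }
  if (claimed.protocol !== 'https:') problems.push('url must be https');
  if (claimed.origin !== served.origin) {
    problems.push(`url origin ${claimed.origin} differs from manifest origin ${served.origin}`);
  }
  // Icon is rendered in the wallet UI: allow https only (no http:, data:, javascript:).
  let icon = null;
  try { icon = new URL(m.iconUrl); } catch (e) { /* handled below */ }
  if (!icon || icon.protocol !== 'https:') problems.push('iconUrl must be an https URL');
  // Name is rendered in the wallet UI: reject markup and control characters so a
  // manifest cannot inject HTML if some view renders the name unescaped.
  if (/[<>"'&\u0000-\u001f]/.test(m.name) || m.name.length > 64) {
    problems.push('name contains markup/control characters or is too long');
  }
  return problems;
}

// Constructed sample manifests (not real dApps).
const GOOD = JSON.stringify({ url: 'https://dapp.example', name: 'Example dApp', iconUrl: 'https://dapp.example/icon.png' });
const IMPERSONATING = JSON.stringify({ url: 'https://trusted-dex.example', name: 'Trusted DEX', iconUrl: 'https://cdn.example/i.png' });
const BAD_UI = JSON.stringify({ url: 'https://dapp.example', name: '<b>Trusted</b> dApp', iconUrl: 'http://cdn.example/i.png' });

console.log(checkManifest('https://dapp.example/tonconnect-manifest.json', GOOD));
console.log(checkManifest('https://evil.example/tonconnect-manifest.json', IMPERSONATING));
console.log(checkManifest('https://dapp.example/tonconnect-manifest.json', BAD_UI));
```

The first call returns an empty list; the second flags the origin mismatch; the third flags both the non-https icon and the markup in the name.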
Stay tuned,
Neplox @neploxaudit