{"id":18743,"date":"2026-03-28T03:03:01","date_gmt":"2026-03-28T03:03:01","guid":{"rendered":"https:\/\/cryptoted.net\/index.php\/2026\/03\/28\/security-alert-smart-contract-wallets-created-in-frontier-are-vulnerable-to-phishing-attacks\/"},"modified":"2026-03-28T03:03:01","modified_gmt":"2026-03-28T03:03:01","slug":"security-alert-smart-contract-wallets-created-in-frontier-are-vulnerable-to-phishing-attacks","status":"publish","type":"post","link":"https:\/\/cryptoted.net\/index.php\/2026\/03\/28\/security-alert-smart-contract-wallets-created-in-frontier-are-vulnerable-to-phishing-attacks\/","title":{"rendered":"Security Alert \u2013 Smart Contract Wallets created in frontier are vulnerable to phishing attacks"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div id=\"\">\n<p class=\"chakra-text css-gi02ar\"><b>Affected configurations:<\/b><span style=\"font-weight:400\"> All smart contract wallets created using <em class=\"chakra-text css-0\">Ethereum Wallet \u00a0Frontier, version 0.4.0 (Beta 7) or earlier<\/em>. Wallets created with Ethereum Wallet 0.5.0 and all later versions released after March 3, 2016, are not affected.<\/span><\/p>\n<p class=\"chakra-text css-gi02ar\"><b>Likelihood<\/b><span style=\"font-weight:400\">: Low<\/span><\/p>\n<p class=\"chakra-text css-gi02ar\"><b>Severity<\/b><span style=\"font-weight:400\">: High<\/span><\/p>\n<h2 class=\"chakra-heading group css-1kpzc4q\" id=\"summary\" data-group=\"true\"><a class=\"chakra-link css-128fqrf\" aria-label=\"summary permalink\" href=\"#summary\"><svg viewbox=\"0 0 24 24\" focusable=\"false\" class=\"chakra-icon css-173jpr1\"><g fill=\"currentColor\"><path d=\"M10.458,18.374,7.721,21.11a2.853,2.853,0,0,1-3.942,0l-.892-.891a2.787,2.787,0,0,1,0-3.941l5.8-5.8a2.789,2.789,0,0,1,3.942,0l.893.892A1,1,0,0,0,14.94,9.952l-.893-.892a4.791,4.791,0,0,0-6.771,0l-5.8,5.8a4.787,4.787,0,0,0,0,6.77l.892.891a4.785,4.785,0,0,0,6.771,0l2.736-2.735a1,1,0,1,0-1.414-1.415Z\"\/><path d=\"M22.526,2.363l-.892-.892a4.8,4.8,0,0,0-6.77,0l-2.905,2.9a1,1,0,0,0,1.414,1.414l2.9-2.9a2.79,2.79,0,0,1,3.941,0l.893.893a2.786,2.786,0,0,1,0,3.942l-5.8,5.8a2.769,2.769,0,0,1-1.971.817h0a2.766,2.766,0,0,1-1.969-.816,1,1,0,1,0-1.415,1.412,4.751,4.751,0,0,0,3.384,1.4h0a4.752,4.752,0,0,0,3.385-1.4l5.8-5.8a4.786,4.786,0,0,0,0-6.771Z\"\/><\/g><\/svg><\/a>Summary:<\/h2>\n<p><span style=\"font-weight:400\">Do not use wallet contracts or owner accounts of those wallets that were created by the Ethereum Wallet 0.4.0 or earlier. If you send to (or interact with) a malicious contract it could take ownership of your wallet contract. Create a new wallet and move your funds.<\/span><\/p>\n<h3 class=\"chakra-heading group css-xuzltg\" id=\"how-to-be-super-safe\" data-group=\"true\"><a class=\"chakra-link css-128fqrf\" aria-label=\"how to be super safe permalink\" href=\"#how-to-be-super-safe\"><svg viewbox=\"0 0 24 24\" focusable=\"false\" class=\"chakra-icon css-173jpr1\"><g fill=\"currentColor\"><path d=\"M10.458,18.374,7.721,21.11a2.853,2.853,0,0,1-3.942,0l-.892-.891a2.787,2.787,0,0,1,0-3.941l5.8-5.8a2.789,2.789,0,0,1,3.942,0l.893.892A1,1,0,0,0,14.94,9.952l-.893-.892a4.791,4.791,0,0,0-6.771,0l-5.8,5.8a4.787,4.787,0,0,0,0,6.77l.892.891a4.785,4.785,0,0,0,6.771,0l2.736-2.735a1,1,0,1,0-1.414-1.415Z\"\/><path d=\"M22.526,2.363l-.892-.892a4.8,4.8,0,0,0-6.77,0l-2.905,2.9a1,1,0,0,0,1.414,1.414l2.9-2.9a2.79,2.79,0,0,1,3.941,0l.893.893a2.786,2.786,0,0,1,0,3.942l-5.8,5.8a2.769,2.769,0,0,1-1.971.817h0a2.766,2.766,0,0,1-1.969-.816,1,1,0,1,0-1.415,1.412,4.751,4.751,0,0,0,3.384,1.4h0a4.752,4.752,0,0,0,3.385-1.4l5.8-5.8a4.786,4.786,0,0,0,0-6.771Z\"\/><\/g><\/svg><\/a>How to be super safe??<\/h3>\n<p><strong>Don&#8217;t use the vulnerable wallet contracts, AND\u00a0the owner\u00a0accounts of these wallets to send ether and interact with contracts you don&#8217;t know!<br \/>\nIf you don&#8217;t use these accounts and wallets, and upgrade your wallet as\u00a0<\/strong><b>described <a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-vezwxf\" href=\"https:\/\/github.com\/ethereum\/mist\/releases\/tag\/0.7.6\">here<\/a>, you are safe!<\/b><\/p>\n<h2 class=\"chakra-heading group css-1kpzc4q\" id=\"details\" data-group=\"true\"><a class=\"chakra-link css-128fqrf\" aria-label=\"details permalink\" href=\"#details\"><svg viewbox=\"0 0 24 24\" focusable=\"false\" class=\"chakra-icon css-173jpr1\"><g fill=\"currentColor\"><path d=\"M10.458,18.374,7.721,21.11a2.853,2.853,0,0,1-3.942,0l-.892-.891a2.787,2.787,0,0,1,0-3.941l5.8-5.8a2.789,2.789,0,0,1,3.942,0l.893.892A1,1,0,0,0,14.94,9.952l-.893-.892a4.791,4.791,0,0,0-6.771,0l-5.8,5.8a4.787,4.787,0,0,0,0,6.77l.892.891a4.785,4.785,0,0,0,6.771,0l2.736-2.735a1,1,0,1,0-1.414-1.415Z\"\/><path d=\"M22.526,2.363l-.892-.892a4.8,4.8,0,0,0-6.77,0l-2.905,2.9a1,1,0,0,0,1.414,1.414l2.9-2.9a2.79,2.79,0,0,1,3.941,0l.893.893a2.786,2.786,0,0,1,0,3.942l-5.8,5.8a2.769,2.769,0,0,1-1.971.817h0a2.766,2.766,0,0,1-1.969-.816,1,1,0,1,0-1.415,1.412,4.751,4.751,0,0,0,3.384,1.4h0a4.752,4.752,0,0,0,3.385-1.4l5.8-5.8a4.786,4.786,0,0,0,0-6.771Z\"\/><\/g><\/svg><\/a>Details:<\/h2>\n<p><span style=\"font-weight:400\">An attack vector was discovered that affects the smart contract wallets created before the Homestead release (Frontier phase). The attack can happen if an affected wallet interacts with a malicious contract OR if the owner account of an affected wallet interacts with a malicious contract that knows the address of his wallet. An attacker can then impersonate the owner and thus can steal funds or tokens and change the owner of the wallet.<\/span><\/p>\n<p class=\"chakra-text css-gi02ar\"><strong>If you do not use your wallet and owner accounts with contracts you don&#8217;t know, you are safe!<\/strong><\/p>\n<p class=\"chakra-text css-gi02ar\"><span style=\"font-weight:400\">Receiving Ether and sending Ether to non-contract accounts is fine.<\/span><\/p>\n<p class=\"chakra-text css-gi02ar\"><span style=\"font-weight:400\">Also if you configured your wallet with multisig, you are safer, as the attacker would need to make you send with all owners to malicious contract(s).<\/span><\/p>\n<p class=\"chakra-text css-gi02ar\">\u00a0<\/p>\n<h2 class=\"chakra-heading group css-1kpzc4q\" id=\"proposed-solution\" data-group=\"true\"><a class=\"chakra-link css-128fqrf\" aria-label=\"proposed solution permalink\" href=\"#proposed-solution\"><svg viewbox=\"0 0 24 24\" focusable=\"false\" class=\"chakra-icon css-173jpr1\"><g fill=\"currentColor\"><path d=\"M10.458,18.374,7.721,21.11a2.853,2.853,0,0,1-3.942,0l-.892-.891a2.787,2.787,0,0,1,0-3.941l5.8-5.8a2.789,2.789,0,0,1,3.942,0l.893.892A1,1,0,0,0,14.94,9.952l-.893-.892a4.791,4.791,0,0,0-6.771,0l-5.8,5.8a4.787,4.787,0,0,0,0,6.77l.892.891a4.785,4.785,0,0,0,6.771,0l2.736-2.735a1,1,0,1,0-1.414-1.415Z\"\/><path d=\"M22.526,2.363l-.892-.892a4.8,4.8,0,0,0-6.77,0l-2.905,2.9a1,1,0,0,0,1.414,1.414l2.9-2.9a2.79,2.79,0,0,1,3.941,0l.893.893a2.786,2.786,0,0,1,0,3.942l-5.8,5.8a2.769,2.769,0,0,1-1.971.817h0a2.766,2.766,0,0,1-1.969-.816,1,1,0,1,0-1.415,1.412,4.751,4.751,0,0,0,3.384,1.4h0a4.752,4.752,0,0,0,3.385-1.4l5.8-5.8a4.786,4.786,0,0,0,0-6.771Z\"\/><\/g><\/svg><\/a>Proposed solution:<\/h2>\n<p><span style=\"font-weight:400\">We recommend that if you created a wallet using the affected versions, you take one of these steps:<\/span><\/p>\n<ul role=\"list\" class=\"css-1ars4k6\">\n<li class=\"css-0\"><b>Create a new wallet<\/b><span style=\"font-weight:400\"> with the latest version of Ethereum Wallet (any version from 0.5.0 or newer) and <\/span><b>move your funds<\/b><span style=\"font-weight:400\"> there. <a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-vezwxf\" href=\"https:\/\/github.com\/ethereum\/mist\/releases\/tag\/0.7.6\">You can follow these steps<\/a>.<\/span><\/li>\n<li class=\"css-0\"><i><span style=\"font-weight:400\">Until you do the above<\/span><\/i><span style=\"font-weight:400\">, <\/span><b>do not use any account<\/b><span style=\"font-weight:400\"> which is an <\/span><b><i>owner <\/i><\/b><b>of an affected wallet, or the affected wallet itself<\/b><span style=\"font-weight:400\"> to interact with closed source or otherwise unknown contracts that might trigger arbitrary actions (including forwarding Ether). <\/span><b>Send\/interact only to addresses you own, or know!<\/b><\/li>\n<li class=\"css-0\">Create a secondary account for your every day usage. This one should not be connected to your\u00a0contract wallets<\/li>\n<\/ul>\n<p>\u00a0<\/p>\n<p><span style=\"font-weight:400\">We created a new Ethereum Wallet release 0.7.6, which will detect your vulnerable wallets.<\/span><\/p>\n<p class=\"chakra-text css-gi02ar\"><a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-vezwxf\" href=\"https:\/\/github.com\/ethereum\/mist\/releases\/tag\/0.7.6\">Download the latest release and follow the steps described in the release notes to update your vulnerable wallets!<\/a><\/p>\n<p class=\"chakra-text css-gi02ar\"><a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-vezwxf\" href=\"https:\/\/github.com\/ethereum\/mist\/releases\/tag\/0.7.6\"\/><a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-vezwxf\" href=\"https:\/\/github.com\/ethereum\/mist\/releases\/tag\/0.7.6\">https:\/\/github.com\/ethereum\/mist\/releases\/tag\/0.7.6<\/a><\/p>\n<\/div>\n<p><br \/>\n<br \/><a href=\"https:\/\/blog.ethereum.org\/en\/2016\/06\/24\/security-alert-smart-contract-wallets-created-in-frontier-are-vulnerable-to-phishing-attacks\">Source link <\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Affected configurations: All smart contract wallets created using Ethereum Wallet \u00a0Frontier, version 0.4.0 (Beta 7) or earlier. Wallets created with Ethereum Wallet 0.5.0 and all later versions released after March 3, 2016, are not affected. Likelihood: Low Severity: High Summary: Do not use wallet contracts or owner accounts of those wallets that were created by [&hellip;]<\/p>\n","protected":false},"author":6,"featured_media":18498,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"tdm_status":"","tdm_grid_status":"","footnotes":""},"categories":[24],"tags":[],"kronos_expire_date":[],"class_list":["post-18743","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ethereum"],"_links":{"self":[{"href":"https:\/\/cryptoted.net\/index.php\/wp-json\/wp\/v2\/posts\/18743","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cryptoted.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cryptoted.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cryptoted.net\/index.php\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/cryptoted.net\/index.php\/wp-json\/wp\/v2\/comments?post=18743"}],"version-history":[{"count":0,"href":"https:\/\/cryptoted.net\/index.php\/wp-json\/wp\/v2\/posts\/18743\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cryptoted.net\/index.php\/wp-json\/wp\/v2\/media\/18498"}],"wp:attachment":[{"href":"https:\/\/cryptoted.net\/index.php\/wp-json\/wp\/v2\/media?parent=18743"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cryptoted.net\/index.php\/wp-json\/wp\/v2\/categories?post=18743"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cryptoted.net\/index.php\/wp-json\/wp\/v2\/tags?post=18743"},{"taxonomy":"kronos_expire_date","embeddable":true,"href":"https:\/\/cryptoted.net\/index.php\/wp-json\/wp\/v2\/kronos_expire_date?post=18743"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}