Monday, October 25, 2021

Rare Pepe Wallet Backdoored In Attempted Frog Heist

Rare Pepe Wallet Backdoored In Attempted Frog Heist

Joe Looney, Bitcoin developer and maintainer of Rare Pepe Wallet, a CounterParty asset wallet designed to improve pepecash-based trading UX, announced today on Twitter that has been compromised. Users should restore their wallets to another trusted CounterParty wallet and transfer their funds to a new wallet in the meantime.

Also read: $28K Bitcoin Price in Sight as Futures Trading Gets Underway

Join the Bitsonline Telegram channel to get the latest Bitcoin, cryptocurrency, and tech news updates:

Someone Really Wants Some Rare Pepe

Rare pepe
Clearly the wallet needs more of this

The wallet became compromised via a malicious commit pushed to the wallet’s repository from Looney’s Github account that had been broken into earlier by the attacker(s).

The attacker(s) then used the changes they’d made to the site to modify the site’s JavaScript while it was live, probably in an attempt to lift users’ wallet passphrases.

Luckily, Looney was quick to remedy the issue, disclosing the security breach and shutting down the site for repairs. No Pepes have yet been reported stolen, but for those with potentially compromised wallets, Looney recommends the following:

  • restore your wallet into another CounterParty webwallet, like or
  • transfer all of your assets to a new wallet or a backup that isn’t hosted on Rare Pepe wallet.

Looney Thinks He Knows Source of the Attempted Pepe Heist

When reached out to for comment on the breach, Looney noted that he didn’t “use 2fa [two-factor authentication]” and this was likely the cause of the Github break-in, despite his using a Github specific email address.

In addition, Looney stated the hack made him reconsider his practices, and he “might get a [Yubikey] now.”

With this news in mind, it’s important to remember that most web wallets are only as secure as the people hosting them and that keeping your funds on exchanges and web wallets is a bad, risky practice for people holding nontrivial amounts of crypto.

With that said, running a full CounterParty node comes with a lot of overhead and a terrible UX, and those using applications like Book of Orbs and Rare Pepe Wallet to streamline the process can hardly be blamed for doing so.

Where do you stand? Do you think it’s wrong Looney didn’t use 2FA? Let us know in the comments below!

Images courtesy Rare Pepe Directory, Pixabay

Bitsonline Email Newsletter