Rare Pepe Wallet Backdoored In Attempted Frog Heist
Joe Looney, Bitcoin developer and maintainer of Rare Pepe Wallet, a CounterParty asset wallet designed to improve pepecash-based trading UX, announced today on Twitter that rarepepewallet.com has been compromised. Users should restore their wallets to another trusted CounterParty wallet and transfer their funds to a new wallet in the meantime.
Someone Really Wants Some Rare Pepe
The wallet became compromised via a malicious commit pushed to the wallet’s repository from Looney’s Github account that had been broken into earlier by the attacker(s).
Luckily, Looney was quick to remedy the issue, disclosing the security breach and shutting down the site for repairs. No Pepes have yet been reported stolen, but for those with potentially compromised wallets, Looney recommends the following:
- restore your wallet into another CounterParty webwallet, like counterwallet.io or freewallet.io
- transfer all of your assets to a new wallet or a backup that isn’t hosted on Rare Pepe wallet.
Looney Thinks He Knows Source of the Attempted Pepe Heist
When reached out to for comment on the breach, Looney noted that he didn’t “use 2fa [two-factor authentication]” and this was likely the cause of the Github break-in, despite his using a Github specific email address.
In addition, Looney stated the hack made him reconsider his practices, and he “might get a [Yubikey] now.”
With this news in mind, it’s important to remember that most web wallets are only as secure as the people hosting them and that keeping your funds on exchanges and web wallets is a bad, risky practice for people holding nontrivial amounts of crypto.
With that said, running a full CounterParty node comes with a lot of overhead and a terrible UX, and those using applications like Book of Orbs and Rare Pepe Wallet to streamline the process can hardly be blamed for doing so.
Where do you stand? Do you think it’s wrong Looney didn’t use 2FA? Let us know in the comments below!
Images courtesy Rare Pepe Directory, Pixabay