Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Stealing Trust: Unraveling Blind Message Attacks in Web3 Authentication

Kailun Yan, Xiaokuan Zhang, Wenrui Diao

TL;DR

The study identifies Blind Message Attacks as a critical threat to Web3 authentication by showing a high vulnerability rate across real deployments and by dissecting how message design and server verification enable attacks. It introduces Web3AuthChecker, a dynamic back-end testing tool, and Web3AuthGuard, a wallet-side mitigation implemented in MetaMask, to detect and alert about these attacks. Across 29 test cases, $22/29$ deployments were at risk ($75.8\%$), with several cases enabling Replay Attacks and Blind Multi-Message Attacks; Web3AuthGuard mitigated many scenarios by flagging suspicious signatures in real time, achieving $80\%$ alert coverage in tested logins. The work provides actionable guidance for protocol improvements, responsible disclosure, and open-source tooling to advance secure Web3 authentication, including two CVEs and future directions for end-to-end protocol design or per-website unique identities.

Abstract

As the field of Web3 continues its rapid expansion, the security of Web3 authentication, often the gateway to various Web3 applications, becomes increasingly crucial. Despite its widespread use as a login method by numerous Web3 applications, the security risks of Web3 authentication have not received much attention. This paper investigates the vulnerabilities in the Web3 authentication process and proposes a new type of attack, dubbed blind message attacks. In blind message attacks, attackers trick users into blindly signing messages from target applications by exploiting users' inability to verify the source of messages, thereby achieving unauthorized access to the target application. We have developed Web3AuthChecker, a dynamic detection tool that interacts with Web3 authentication-related APIs to identify vulnerabilities. Our evaluation of real-world Web3 applications shows that a staggering 75.8% (22/29) of Web3 authentication deployments are at risk of blind message attacks. In response to this alarming situation, we implemented Web3AuthGuard on the open-source wallet MetaMask to alert users of potential attacks. Our evaluation results show that Web3AuthGuard can successfully raise alerts in 80% of the tested Web3 authentications. We have responsibly reported our findings to vulnerable websites and have been assigned two CVE IDs.

Stealing Trust: Unraveling Blind Message Attacks in Web3 Authentication

TL;DR

The study identifies Blind Message Attacks as a critical threat to Web3 authentication by showing a high vulnerability rate across real deployments and by dissecting how message design and server verification enable attacks. It introduces Web3AuthChecker, a dynamic back-end testing tool, and Web3AuthGuard, a wallet-side mitigation implemented in MetaMask, to detect and alert about these attacks. Across 29 test cases, deployments were at risk (), with several cases enabling Replay Attacks and Blind Multi-Message Attacks; Web3AuthGuard mitigated many scenarios by flagging suspicious signatures in real time, achieving alert coverage in tested logins. The work provides actionable guidance for protocol improvements, responsible disclosure, and open-source tooling to advance secure Web3 authentication, including two CVEs and future directions for end-to-end protocol design or per-website unique identities.

Abstract

As the field of Web3 continues its rapid expansion, the security of Web3 authentication, often the gateway to various Web3 applications, becomes increasingly crucial. Despite its widespread use as a login method by numerous Web3 applications, the security risks of Web3 authentication have not received much attention. This paper investigates the vulnerabilities in the Web3 authentication process and proposes a new type of attack, dubbed blind message attacks. In blind message attacks, attackers trick users into blindly signing messages from target applications by exploiting users' inability to verify the source of messages, thereby achieving unauthorized access to the target application. We have developed Web3AuthChecker, a dynamic detection tool that interacts with Web3 authentication-related APIs to identify vulnerabilities. Our evaluation of real-world Web3 applications shows that a staggering 75.8% (22/29) of Web3 authentication deployments are at risk of blind message attacks. In response to this alarming situation, we implemented Web3AuthGuard on the open-source wallet MetaMask to alert users of potential attacks. Our evaluation results show that Web3AuthGuard can successfully raise alerts in 80% of the tested Web3 authentications. We have responsibly reported our findings to vulnerable websites and have been assigned two CVE IDs.
Paper Structure (92 sections, 6 figures, 3 tables)

This paper contains 92 sections, 6 figures, 3 tables.

Table of Contents

  1. Introduction
  2. Web3AuthChecker
  3. Web3AuthGuard
  4. Responsible Disclosure
  5. Demos
  6. Contributions
  7. Background
  8. Web3
  9. Web3 Application
  10. Web3 Authentication
  11. Crypto Wallet
  12. Impacts of Unauthorized Access in Web3
  13. Asset Loss
  14. Compromised Anonymity and Reputation
  15. Web3 Authentication
  16. ...and 77 more sections

Figures (6)

  • Figure 1: Web3 Authentication Process.
  • Figure 2: Blind Message Attack.
  • Figure 3: Architecture of Web3AuthChecker.
  • Figure 4: Workflow of Web3AuthGuard.
  • Figure 5: Alerts in Signature Requests.
  • ...and 1 more figures