How Hackers Can Steal Your Seed Phrase

Thinking of saving the keys or seed phrase to your wallet on a Microsoft Word document? Think again. Crypto researchers have exposed a severe 0-day vulnerability called #Follina. This allows crypto hackers to take full control of your computer without opening any files. Here’s how.

How crypto hackers are stealing seed phrases via Microsoft Word

According to web3 security advocate @wallet_guard: “The 0-day starts with a feature in MS Word called Templates. This feature allows Word to load and execute HTML and JS from external sources. Using the Template’s HTML and Javascript the payload then runs the following Powershell command to run a service called Microsoft Support Diagnostic Tool, or MSDT.”

While MSDT is usually used as a diagnostic tool to debug problems in your operating system, it also allows IT experts and Microsoft personnel to remotely control your computer. Although it normally requires a user to enter a password, it also has a buffer that overcomes the password requirement. Therefore, crypto hackers can easily use this buffer to gain access to your documents.

The whole affair is a 0-click exploit, because.rtf file previews execute the malicious code simply by downloading the file and viewing it in file explorer. Therefore, any word document can be malicious without knowing.

Why is this crucial for web3 enthusiasts?

Since some web3 and crypto enthusiasts store their keys and seed phrases on a Word Doc, knowing about this exploit is crucial. Therefore, all files must be considered vulnerable, and everyone must take additional precautions to protect their information.

According to @wallet_guard, web3 and crypto enthusiasts should not use Microsoft Word at this point in time, but instead, use Google Docs. In addition, they must disable MSDT and use.pdf instead of other file extensions.

This Microsoft Word loophole is another nail in the coffin for the crypto community; especially as it has been battling Discord hackers for the last few months.