Rankiteo Logo
Rankiteo
Leader in Cyber Underwriting
Loading...
NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop
WindowsmacOSLinux
Download
TokenPocket

TokenPocket Vendor Cyber Rating & Cyber Score

tokenpocket.pro

World's Leading Crypto Wallet on BTC, ETH, BSC, Solana, TRON, Polkadot, Polygon, etc. #DeFi|#Crypto|#Bitcoin|#ETH


TokenPocket A.I CyberSecurity Scoring

TokenPocket
Company Information
Website:https://tokenpocket.pro
Employees number:24
Number of followers:995
NAICS:52
Industry Type:Financial Services
Homepage:tokenpocket.pro
TokenPocket Risk Score (AI oriented)
Between 700 and 749
logo
TokenPocketFinancial Services
Updated:
29/03/2026
732/1000
Moderate
Ba
AaaAaABaaBaBCaaCaC
Powered by our proprietary A.I cyber incident model
Insurance prefers TPRM score to calculate premium
TokenPocket Global Score (TPRM)
xxxx
logo
TokenPocketFinancial Services
•••
Score locked
Instant access to detailed risk factors
Vulnerabilities
Benchmark vs. industry & size peers
Findings

TokenPocket
TokenPocketModerate
Current Score
732Ba (MODERATE)
01000
1 incidents
-22 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
734Before Incident
JUNE 2026
734Before Incident
MAY 2026
733Before Incident
APRIL 2026
732Before Incident
MARCH 2026
732Before Incident
FEBRUARY 2026
753Before Incident
Cyber Attack
26 Feb 2026TokenPocket
imToken, TokenPocket, MetaMask and Coinbase: Sophisticated SeaFlower Backdoor Campaign Targets Web3 Wallets to Steal Seed Phrases

SeaFlower: A Highly Sophisticated Web3 Wallet Hack Targeting Cryptocurrency Users

731After Incident
CRITICAL-22
METIMTCOITOK1772124856
SeaFlower: A Highly Sophisticated Web3 Wallet Hack Targeting Cryptocurrency Users A newly uncovered cyber threat campaign, SeaFlower (藏海花), has been targeting users of popular Web3 cryptocurrency wallets with advanced backdoor attacks designed to steal seed phrases and drain funds. Discovered by Confiant analysts, this operation is among the most technically sophisticated threats to Web3 users documented to date, leveraging reverse engineering, app cloning, and covert data exfiltration. ### Targets and Tactics SeaFlower focuses on four major wallets Coinbase Wallet, MetaMask, TokenPocket, and imToken across iOS and Android. The malicious apps are pixel-perfect replicas of legitimate versions, making detection nearly impossible for users. The campaign’s infrastructure, including domains registered under .cn TLDs and Alibaba CDN abuse, points to Chinese-speaking threat actors, with source code comments, developer usernames, and modding frameworks tied to the region. Victims are lured through cloned download sites promoted via Chinese search engines like Baidu, Sogou, 360 Search, and Shenma. These fake sites mimic official wallet pages, complete with fabricated ratings and download counts, tricking users into installing trojanized apps. ### How the Backdoor Works Once installed, the backdoored wallets function normally while silently executing malicious code: - iOS: The attack begins with a provisioning profile download, allowing the app to bypass Apple’s App Store security. An injected .dylib file hooks into the app’s runtime using tools like Cydia Substrate and MonkeyDev, intercepting the dataWithContentsOfFile:options:error function when MetaMask loads its JavaScript bundle. An obfuscated class (FKKKSDFDFFADS) decrypts an RSA-encrypted payload, exfiltrating seed phrases, wallet addresses, and balances to attacker-controlled domains (e.g., trx.lnfura[.]org, mimicking Infura). - Android: For Coinbase Wallet, malicious smali code in a class named XMPMetadata triggers an HTTP POST request when a seed phrase is saved, sending data to colnbase[.]homes/u/sms/. ### Attribution and Impact The campaign’s name derives from a leaked macOS username (“Zhang Haike”), referencing a character in the Chinese novel Tibetan Sea Flower. Additional usernames (“lanyu” and “trader”) further link the operation to a single threat actor. The attack’s sophistication combining app modding, automated deployment, and stealthy exfiltration highlights a significant escalation in Web3-targeted threats. With no visible red flags during normal use, SeaFlower represents a high-risk threat to cryptocurrency users, particularly those relying on third-party download sources. The campaign underscores the growing complexity of attacks against decentralized finance (DeFi) platforms.
INCIDENT DETAILS -
TYPE
Backdoor Attack, Cryptocurrency Wallet Hack
MOTIVATION
Financial gain (cryptocurrency theft), Data exfiltration (seed phrases, wallet addresses, balances)
IMPACT
Financial Loss: Funds drained from cryptocurrency walletsData Compromised: Seed phrases, wallet addresses, balances, personally identifiable information (PII)Systems Affected: iOS and Android devices running trojanized Web3 walletsOperational Impact: Loss of trust in Web3 wallets, potential long-term reputational damage to wallet providersRevenue Loss: Potential loss of revenue for wallet providers due to user attritionBrand Reputation Impact: High (due to sophisticated and stealthy nature of the attack)Identity Theft Risk: High (seed phrases and wallet data stolen)Payment Information Risk: High (cryptocurrency theft)
DATA BREACH
Seed phrasesWallet addressesBalancesPersonally identifiable information (PII)Sensitivity Of Data: High (cryptocurrency access credentials)Data Exfiltration: Yes (to attacker-controlled domains like trx.lnfura[.]org and colnbase[.]homes)Data Encryption: RSA-encrypted payloads for exfiltrationPersonally Identifiable Information: Seed phrases, wallet addresses
JANUARY 2026
753Before Incident
DECEMBER 2025
753Before Incident
NOVEMBER 2025
753Before Incident
OCTOBER 2025
753Before Incident
SEPTEMBER 2025
753Before Incident
AUGUST 2025
753Before Incident

Frequently Asked Questions

?
What is the current A.I Rankiteo Cyber Score for TokenPocket ?
?
What was TokenPocket's A.I Rankiteo Cyber Score in June 2026 ?
?
What was TokenPocket's A.I Rankiteo Cyber Score in May 2026 ?
?
What was TokenPocket's A.I Rankiteo Cyber Score in April 2026 ?
?
What was TokenPocket's A.I Rankiteo Cyber Score in March 2026 ?
?
What was TokenPocket's A.I Rankiteo Cyber Score in February 2026 ?
?
What was TokenPocket's A.I Rankiteo Cyber Score in January 2026 ?
?
What was TokenPocket's A.I Rankiteo Cyber Score in December 2025 ?
?
What was TokenPocket's A.I Rankiteo Cyber Score in November 2025 ?
?
What was TokenPocket's A.I Rankiteo Cyber Score in October 2025 ?
?
What was TokenPocket's A.I Rankiteo Cyber Score in September 2025 ?
?
What was TokenPocket's A.I Rankiteo Cyber Score in August 2025 ?
?
What is the average per-incident point impact on TokenPocket's A.I Rankiteo Cyber Score over the past 12 months ?
?
Where can I access detailed records of all cyber incidents associated with TokenPocket ?
?
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ?
?
Where can I view TokenPocket's profile page on Rankiteo ?
?
How accurate is the A.I Rankiteo Risk Scoring methodology ?