Skip to main content

CVE-2022-24738: CWE-287: Improper Authentication in tharsis evmos

Medium
Published: Mon Mar 07 2022 (03/07/2022, 21:30:13 UTC)
Source: CVE
Vendor/Project: tharsis
Product: evmos

Description

Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. In versions of evmos prior to 2.0.1 attackers are able to drain unclaimed funds from user addresses. To do this an attacker must create a new chain which does not enforce signature verification and connects it to the target evmos instance. The attacker can use this joined chain to transfer unclaimed funds. Users are advised to upgrade. There are no known workarounds for this issue.

AI-Powered Analysis

AILast updated: 06/23/2025, 14:58:45 UTC

Technical Analysis

CVE-2022-24738 is a medium-severity vulnerability classified under CWE-287 (Improper Authentication) affecting the Evmos blockchain platform, specifically versions prior to 2.0.1. Evmos functions as an Ethereum Virtual Machine (EVM) Hub on the Cosmos Network, enabling interoperability between Ethereum-compatible smart contracts and the Cosmos ecosystem. The vulnerability arises from insufficient authentication controls when connecting to external chains. An attacker can exploit this by creating a malicious chain that does not enforce signature verification and then linking it to a vulnerable Evmos instance. Through this joined chain, the attacker can bypass normal authentication mechanisms and transfer unclaimed funds from user addresses without authorization. This effectively allows unauthorized draining of assets that have not been claimed by their rightful owners. The attack requires the attacker to set up a new chain environment that circumvents signature checks, then connect it to the target Evmos node. There are no known workarounds, and the only remediation is to upgrade Evmos to version 2.0.1 or later, where proper authentication enforcement is implemented. No public exploits have been reported in the wild, but the potential for financial loss is significant due to the direct theft of unclaimed funds. This vulnerability impacts the integrity and confidentiality of user assets and could undermine trust in the Evmos platform if exploited.

Potential Impact

For European organizations utilizing Evmos, particularly those involved in blockchain development, decentralized finance (DeFi), or asset management on the Cosmos Network, this vulnerability poses a tangible risk of financial loss through unauthorized fund transfers. The improper authentication flaw could lead to theft of unclaimed tokens, potentially affecting custodial services, exchanges, or institutional investors holding assets on Evmos. Loss of funds could result in reputational damage, regulatory scrutiny, and financial liabilities. Additionally, the exploitation of this vulnerability could erode confidence in blockchain interoperability solutions within Europe, slowing adoption of Cosmos-based technologies. Given the cross-chain nature of the attack, organizations relying on interconnected blockchain ecosystems may face cascading impacts. The vulnerability also highlights the importance of rigorous authentication in blockchain bridges and hubs, which are critical infrastructure components for European blockchain initiatives. While no active exploitation is known, the ease of creating a malicious chain and connecting it to a vulnerable node means that the threat could materialize if patches are not applied promptly.

Mitigation Recommendations

1. Immediate upgrade of all Evmos nodes and related infrastructure to version 2.0.1 or later to ensure proper authentication enforcement and signature verification. 2. Implement strict network policies to restrict connections only to trusted chains and nodes, minimizing exposure to malicious chain joins. 3. Monitor blockchain node logs and network traffic for unusual chain join attempts or unauthorized fund transfers, enabling early detection of exploitation attempts. 4. Conduct thorough audits of unclaimed funds and transaction histories to identify any suspicious activity prior to patching. 5. Educate blockchain developers and administrators on the risks of improper authentication in cross-chain environments and enforce secure coding practices. 6. Collaborate with blockchain security communities and Cosmos Network maintainers to stay informed about emerging threats and patches. 7. For organizations providing custodial or DeFi services on Evmos, implement additional multi-factor authentication and transaction approval workflows to mitigate risks from compromised nodes. These steps go beyond generic advice by focusing on network-level controls, active monitoring, and organizational processes tailored to the unique cross-chain nature of the vulnerability.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
GitHub_M
Date Reserved
2022-02-10T00:00:00.000Z
Cisa Enriched
true

Threat ID: 682d9842c4522896dcbf273a

Added to database: 5/21/2025, 9:09:22 AM

Last enriched: 6/23/2025, 2:58:45 PM

Last updated: 8/11/2025, 10:47:14 AM

Views: 18

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats