No products in the cart.
- Latest
- Trending
ADVERTISEMENT
Blockchain security firm CertiK has called on the cryptocurrency community to be wary of ice phishing scams. Phishing scam targeting Web3 users This was first identified by Microsoft earlier this year.
In the December 20th analysis report, CertiK explained Ice phishing is an attack that tricks Web3 users into signing permissions, ultimately allowing the crooks to use the tokens.
This differs from traditional phishing attacks that attempt to access sensitive information such as private keys and passwords. FTX Investors Recoup Lost Funds .
1/ Ice phishing is a major threat to the Web3 community
Instead of gaining access to your private key, the crooks trick you into signing permission to use your assets.
Here’s an overview of what to look out for and how to protect yourself.
CertiK Alert (@CertiKAlert) December 20, 2022
Dec 17 Scam 14 The Boring Monkey Was Stolen An example of a sophisticated ice phishing attack. Investors were persuaded to sign deal requests masquerading as movie contracts, and ultimately, the scammers were able to sell all of the user’s apes to themselves for a pittance.
The company noted that this kind of fraud is a “considerable threat” and can only be found in the Web3 world, where investors often need to sign permits to easily forged decentralized financial protocols. . CertiK wrote:
Hackers just have to convince users that the malicious addresses they are giving permission to are legitimate. If users approve permission to use their tokens by fraudsters, they risk exfiltrating their assets. .”
Once the scammers have obtained approval, they can transfer their assets to an address of their choice.
To protect themselves from ice phishing, CertiK recommends that investors use token approval tools and blockchain explorer sites such as Etherscan to revoke permissions for addresses they do not recognize.
Related: $4B OneCoin Scam Co-Founder Pleads Guilty, Faces 60 Years in Prison
In addition, addresses that users plan to operate should be examined for suspicious activity in these blockchain explorers. In its analysis, CertiK points to addresses funded by Tornado Cash withdrawals as examples of suspicious activity.
CertiK also suggested that users should only interact with official sites that they can verify, and to be extra careful with social media sites like Twitter, highlighting the fake Optimism Twitter account as an example.
The company also advised users to check reputable sites such as CoinMarketCap and CoinGecko to make sure the URL linked to a legitimate site.
Technology giant Microsoft first highlighted the practice in a February 16 blog. directorwhile credential phishing is very dominant in the Web2 world, ice phishing gives individual crooks the ability to steal a slice of the crypto industry while maintaining “near-total anonymity.”
They recommended that the Web3 project and wallet providers increase security at the software level to prevent the burden of evading ice-phishing attacks from being solely on the end-user.
