Eth binance smart chain metamask
8/15/2023

Cristian Seifert, researcher-in-residence at Forta who previously worked at Microsoft’s security research division, told CoinDesk that Forta’s algorithms can detect various kinds of anomalous behavior while scanning transactions on blockchains. Some of those anomalies are attacks on users’ wallets.

For some of the attacks, scammers rely on social engineering – sniffing around for users' personal information or deploying tricks to get crypto users to reveal their passwords or seed phrases. Other attacks only require knowing a victim’s wallet address.

“A lot of attacks are social engineering attacks: users are being lured to a website, a website asks them to connect their wallet, a transaction pops up, a user approves it and their money is gone,” Seifert said.

The most prevalent kind of attack in May was the so-called “ice phishing” technique, which accounted for 55.8% of all the attacks registered by Forta. Unlike the more obvious or well-known phishing attacks (ice phishing is a play on the more common “phishing” attacks seen across the Web), this type does not aim directly for users’ private information. Instead, an ice phisher tricks a victim into signing a malicious blockchain transaction that opens access to the victim’s wallet so the attacker can steal all the money.

In such cases, victims are often lured onto a phishing website designed to mimic real crypto services. These scams rely on "token approval" transactions, one of the most common uses for non-custodial Web3 wallets that enable users to grant smart contracts a certain amount of access to their wallets.

On its support page, MetaMask, the makers of the most popular Ethereum crypto wallet, note that when granting token approval transactions "you're firmly in control and hold ultimate responsibility for everything you do. That's why it's critical you know exactly what you're signing up for when you confirm token approvals."

In a similar scam to the one mentioned above, attackers attempt to trick users into interacting with various decentralized applications (dapps), including decentralized exchanges (DEXs). Such schemes often create an illusion of a new lucrative opportunity, like an airdrop of some new token, and exploit the common tendency to fall for FOMO, or the fear of missing out, Seifert said. However, instead of interacting with a legitimate service, a user forfeits control over their assets to an attacker by signing a token approval transaction.

“Users click, click, click and transactions pop up, often with a timer, and users approve them without checking,” Seifert said.

According to Seifert, there are two crucial steps to ice phishing: “luring a victim onto a website and creating a positive narrative.

“A variation of the ice phishing attack is to trick users into sending native assets to the scammer directly. This is achieved by signing a 'security update' function of the scammer's contract,” Seifert said, adding that usually, small amounts of crypto are stolen this way.

Some attacks target traders of non-fungible tokens (NFT). For example, scammers have developed techniques that take advantage of quirks in NFT infrastructure, like the Seaport protocol introduced by OpenSea and used across many NFT marketplaces.
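The token approval transactions described above can be checked before they are signed. As an added example (not from the article, MetaMask or Forta), this Python function decodes a pending transaction's calldata and reports whether it is an ERC-20 `approve` or an NFT `setApprovalForAll`, who the spender is, and whether the allowance is unlimited. The function name, the trusted-spender set and the sample calldata are assumptions constructed for illustration.

```python
# Added example (not from the article): decode a pending transaction's calldata
# and flag token-approval calls before signing. Sample values are constructed.
APPROVE = "095ea7b3"               # ERC-20 approve(address,uint256)
SET_APPROVAL_FOR_ALL = "a22cb465"  # ERC-721/1155 setApprovalForAll(address,bool)
MAX_UINT256 = 2**256 - 1


def describe_approval(calldata, trusted_spenders=frozenset()):
    """Report what a transaction's calldata would grant, and to whom.

    trusted_spenders holds lowercase 0x-prefixed addresses the user already trusts.
    """
    data = calldata.lower()
    if data.startswith("0x"):
        data = data[2:]
    selector, body = data[:8], data[8:]
    if selector not in (APPROVE, SET_APPROVAL_FOR_ALL):
        return {"kind": "other", "warn": False}
    if len(body) != 128:  # exactly two 32-byte ABI words expected
        raise ValueError("malformed approval arguments")
    first, second = int(body[:64], 16), int(body[64:], 16)
    if first >> 160:  # an address occupies only the low 20 bytes
        raise ValueError("spender is not a valid address word")
    spender = "0x" + format(first, "040x")
    grants = second != 0  # zero amount / false flag is a revocation
    result = {
        "spender": spender,
        "warn": grants and spender not in trusted_spenders,
    }
    if selector == APPROVE:
        result.update(kind="erc20_approve", amount=second,
                      unlimited=second == MAX_UINT256)
    else:
        result.update(kind="set_approval_for_all", approved=grants)
    return result


# Constructed sample inputs; the spender address is a placeholder.
SPENDER_WORD = "00" * 12 + "ab" * 20
UNLIMITED_APPROVE = "0x" + APPROVE + SPENDER_WORD + "ff" * 32
REVOKE = "0x" + APPROVE + SPENDER_WORD + "00" * 32
APPROVE_ALL_NFTS = "0x" + SET_APPROVAL_FOR_ALL + SPENDER_WORD + "00" * 31 + "01"

if __name__ == "__main__":
    for tx in (UNLIMITED_APPROVE, REVOKE, APPROVE_ALL_NFTS):
        print(describe_approval(tx))
```

A result with `warn` set means the transaction hands spending rights to an address outside the trusted set, which is the point at which the spender should be verified rather than clicked through.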