April 23, 2024

How to avoid falling for cryptocurrency “ice phishing” scams

Blockchain security company CertiK reminded the crypto community of the need to remain vigilant against “ice phishing” scams. This is a unique type of phishing that targets Web3 users, first identified by Microsoft earlier this year.

In an analytical report dated December 20, CertiK described ice phishing as an attack that tricks Web3 users into signing permits, which ultimately allows the fraudster to spend their tokens. The Dec. 17 scam, in which 14 Bored Apes were stolen, is an example of sophisticated ice phishing. An investor was persuaded to sign a deal request disguised as a film contract, which eventually allowed the scammer to sell all of the user's apes to himself for a negligible amount.

What to pay attention to and how to protect yourself

Ice phishing is different from traditional phishing attacks, which attempt to gain access to sensitive information such as private keys or passwords, for example through fake websites that claim to help FTX investors recover funds lost on the exchange. The firm noted that this type of fraud poses a “significant threat” found only in the Web3 world, as investors are often required to sign permissions for the decentralized finance (DeFi) protocols they interact with, and these permission requests can be easily counterfeited.

Once the fraudster receives permission, he can transfer the assets to the address of his choice. To protect themselves, CertiK recommends that investors revoke permissions for addresses they don't recognize, using a token approval tool on blockchain explorer sites like Etherscan.
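The review that precedes a revocation can be sketched in code. The following is an added example, not code from CertiK or Etherscan: it replays ERC-20 `Approval` and NFT `ApprovalForAll` event logs for one wallet and lists the approvals still in force for spenders the owner does not recognize. The two topic hashes are the standard event signatures; every address and log entry is constructed for illustration.

```python
# Added example. All logs and addresses below are constructed, not chain data.
APPROVAL = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
APPROVAL_FOR_ALL = "0x17307eab39ab6107e8899845ad3d59bd9653f200f220920489ca2b5937696c31"

def addr(topic):
    """Indexed address topics are 32 bytes; the address is the low 20."""
    return "0x" + topic[-40:].lower()

def outstanding_approvals(logs, owner, trusted):
    """Replay approval logs in chain order and return the approvals that are
    still live for spenders outside the `trusted` set."""
    owner, trusted = owner.lower(), {a.lower() for a in trusted}
    state = {}
    for log in sorted(logs, key=lambda l: (int(l["blockNumber"], 16), int(l["logIndex"], 16))):
        t = log["topics"]
        # ERC-721 single-token Approval shares the ERC-20 topic0 but has 4 topics; skipped here.
        if len(t) != 3 or t[0] not in (APPROVAL, APPROVAL_FOR_ALL) or addr(t[1]) != owner:
            continue
        value = int(log["data"], 16)  # uint256 allowance, or 0/1 for ApprovalForAll
        kind = "erc20" if t[0] == APPROVAL else "nft-all"
        state[(log["address"].lower(), addr(t[2]), kind)] = value  # later log overrides earlier
    # The last logged value is what was granted, not what remains after spending;
    # confirm with allowance()/isApprovedForAll() before acting on it.
    return sorted((tok, sp, kind, v) for (tok, sp, kind), v in state.items()
                  if v != 0 and sp not in trusted)

def _log(block, idx, token, topic0, owner, spender, value):
    """Build a constructed log entry in the shape returned by eth_getLogs."""
    pad = lambda a: "0x" + a[2:].lower().rjust(64, "0")
    return {"blockNumber": hex(block), "logIndex": hex(idx), "address": token,
            "topics": [topic0, pad(owner), pad(spender)], "data": "0x" + format(value, "064x")}

ME, DEX, UNKNOWN = "0x" + "a1" * 20, "0x" + "d0" * 20, "0x" + "ee" * 20
TOKEN, NFT, MAX = "0x" + "11" * 20, "0x" + "22" * 20, 2**256 - 1
SAMPLE_LOGS = [
    _log(100, 0, TOKEN, APPROVAL, ME, DEX, MAX),          # recognized spender
    _log(101, 2, TOKEN, APPROVAL, ME, UNKNOWN, MAX),      # unlimited, unrecognized spender
    _log(102, 0, NFT, APPROVAL_FOR_ALL, ME, UNKNOWN, 1),  # whole collection approved
    _log(103, 1, NFT, APPROVAL_FOR_ALL, ME, UNKNOWN, 0),  # ...and later revoked
]

if __name__ == "__main__":
    for row in outstanding_approvals(SAMPLE_LOGS, ME, trusted={DEX}):
        print(row)
```

Only the unlimited ERC-20 approval to the unrecognized spender is reported; the collection-wide NFT approval drops out because a later log sets it back to zero.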

In addition, addresses with which users plan to interact should be checked on these blockchain sites for suspicious activity. In its analysis, CertiK points to an address that was funded by withdrawals from Tornado Cash as an example of suspicious activity. CertiK also advised users to only interact with official sites they can check and to be extra careful with social networks like Twitter, citing the fake Optimism Twitter account as an example.

The firm advised users to spend a couple of minutes checking trusted sites such as CoinMarketCap or CoinGecko; by doing so, users would be able to see that the link URL is not a legitimate site and should be avoided.

Technology giant Microsoft was the first to draw attention to the practice, in a blog post on February 16, saying at the time that while credential phishing is very common in the Web2 world, ice phishing gives individual scammers the opportunity to steal a piece of the crypto industry while maintaining “nearly complete anonymity”. Experts recommended that Web3 projects and wallet providers improve the security of their services at the software level to avoid ice phishing.