How to Avoid Getting Hooked by Crypto Ice Phishing Scams – CertiK
Blockchain security firm CertiK has reminded the crypto community to stay alert for “ice phishing” scams, a unique type of phishing scam targeting Web3 users that was first identified by Microsoft earlier this year.
In a December 20 analysis report, CertiK described ice phishing as an attack that tricks Web3 users into signing permissions that eventually allow a scammer to spend their tokens.
This differs from traditional phishing attacks, which attempt to obtain sensitive information such as private keys or passwords, for example the fake websites that claim to help FTX investors recover funds lost on the exchange.
1/ Ice phishing is a significant threat to the Web3 community
Instead of gaining access to your private key, scammers trick you into signing authorizations to spend your fortune.
In the following we explain what you need to look out for and how you can protect yourself!
— CertiK Alert (@CertiKAlert) December 20, 2022
A December 17 scam that stole 14 Bored Apes is an example of a sophisticated ice phishing scam. An investor was persuaded to sign a transaction request disguised as a movie deal, which eventually allowed the scammer to sell all of the user’s apes to themselves for a negligible amount.
The company noted that this type of scam is a “significant threat” found only in the Web3 world, as investors are often asked to sign approvals for the DeFi (Decentralized Finance) protocols they interact with, and those approval requests can easily be faked.
“All the hacker has to do is make a user believe that the malicious address they are giving permission to is legitimate. Once a user has given the scammer permission to issue tokens, there is a risk that the assets will be siphoned off.”
Once approved, a scammer can transfer assets to an address of their choosing.
An example of how an ice phishing attack works on Etherscan. Source: CertiK
To protect against ice phishing, CertiK recommended that investors revoke permissions granted to addresses they don’t recognize, using a token approval tool on blockchain explorer sites like Etherscan.
Additionally, addresses that users want to interact with should be looked up on these blockchain explorers for suspicious activity. In its analysis, CertiK points to an address funded by Tornado Cash withdrawals as an example of suspicious activity.
CertiK also suggested that users should only interact with official websites that they can verify and be extra wary of social media sites like Twitter, highlighting a fake Optimism Twitter account as an example.
Fake Optimism Twitter account. Source: CertiK
The company also advised users to take a few minutes to check a trustworthy website like CoinMarketCap or CoinGecko; by doing so, users could have seen that the linked URL was not a legitimate website and should be avoided.
Tech giant Microsoft was the first to highlight the practice in a Feb. 16 blog post, saying at the time that credential phishing was very prevalent in the Web2 world, but ice phishing allowed individual scammers to steal a piece of the crypto industry while preserving “almost complete anonymity”.
They recommended that Web3 projects and wallet providers increase the security of their services at the software level to avoid putting the burden of avoiding ice phishing attacks solely on the end user.
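As an added illustration of such a software-level safeguard (example code written for this page, not CertiK's, Microsoft's or any wallet's own): a check that decodes a pending transaction's calldata and flags token approvals to addresses the user has not verified. The function names, the list of verified spenders and the sample addresses are assumptions constructed for the example, and `approve` is assumed to target an ERC-20 token.

```javascript
const SELECTORS = {
  "095ea7b3": "approve",           // approve(address spender, uint256 amount)
  "a22cb465": "setApprovalForAll", // setApprovalForAll(address operator, bool approved)
};
const MAX_UINT256 = (1n << 256n) - 1n;

// Decode the two 32-byte arguments that follow the 4-byte function selector.
function decodeApproval(calldata) {
  const hex = calldata.toLowerCase().replace(/^0x/, "");
  const kind = SELECTORS[hex.slice(0, 8)];
  if (!kind) return null; // not an approval call
  if (hex.length < 136 || !/^[0-9a-f]+$/.test(hex)) {
    throw new Error("malformed approval calldata");
  }
  const spender = "0x" + hex.slice(32, 72); // address is the low 20 bytes of word 1
  const value = BigInt("0x" + hex.slice(72, 136)); // amount, or 0/1 for the bool
  return { kind, spender, value };
}

// Rate a pending call against the spender addresses the user has verified.
// Assumption: `approve` targets an ERC-20 token, so the second word is an amount.
function assessApproval(calldata, trustedSpenders) {
  const call = decodeApproval(calldata);
  if (!call) return { risk: "none", reason: "not a token approval" };
  if (call.value === 0n) return { ...call, risk: "none", reason: "revokes an approval" };
  const trusted = trustedSpenders.some((a) => a.toLowerCase() === call.spender);
  const broad = call.kind === "setApprovalForAll" || call.value === MAX_UINT256;
  if (!trusted) return { ...call, risk: "high", reason: "approval to an unrecognized address" };
  return { ...call, risk: broad ? "medium" : "low",
           reason: broad ? "unlimited approval to a verified address" : "bounded approval" };
}

// Constructed sample data: addresses and calldata are made up for this example.
const word = (h) => h.replace(/^0x/, "").padStart(64, "0");
const VERIFIED = "0x" + "11".repeat(20);
const UNKNOWN = "0x" + "ab".repeat(20);
const SAMPLES = {
  unlimitedToUnknown: "0x095ea7b3" + word(UNKNOWN) + "f".repeat(64),
  allNftsToUnknown: "0xa22cb465" + word(UNKNOWN) + word("1"),
  boundedToVerified: "0x095ea7b3" + word(VERIFIED) + word("3e8"),
  revoke: "0x095ea7b3" + word(UNKNOWN) + word("0"),
};

for (const [name, data] of Object.entries(SAMPLES)) {
  const r = assessApproval(data, [VERIFIED]);
  console.log(name, r.risk, r.spender, r.reason);
}
```

Calldata alone cannot show whether the target contract is an ERC-20 or an NFT collection, so a real check would also need to look at the contract being called.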