Blockchain safety agency SlowMist has highlighted 5 widespread phishing strategies crypto scammers used on victims in 2022, together with malicious browser bookmarks, phony gross sales orders and trojan malware unfold on messaging app Discord.
It comes after the safety agency recorded a complete of 303 blockchain safety incidents within the 12 months, with 31.6% of those incidents attributable to phishing, rug pull or different scams, in line with a Jan. 9 SlowMist blockchain safety report.
Malicious browser bookmarks
One of many phishing methods makes use of bookmark managers, a function in most fashionable browsers.
SlowMist stated scammers have been exploiting these to finally acquire entry to a venture proprietor’s Discord account.
“By inserting JavaScript code into bookmarks via these phishing pages, attackers can probably acquire entry to a Discord person’s info and take over the permissions of a venture proprietor’s account,” the agency wrote.
After guiding victims so as to add the malicious bookmark via a phishing web page, the scammer waits till the sufferer clicks on the bookmark whereas logged into Discord, which triggers the implanted JavaScript code and sends the sufferer’s private info to the scammer’s Discord channel.
Throughout this course of, the scammer can steal a sufferer’s Discord Token (encryption of a Discord username and password) and thus acquire entry to their account, which permits them to put up faux messages and hyperlinks to extra phishing scams posing because the sufferer.
‘Zero greenback buy’ NFT phishing
Out of 56 main NFT safety breaches, 22 of these have been the results of phishing assaults, added SlowMis
One of many extra well-liked strategies utilized by scammers would trick their victims into signing over NFTs for virtually nothing via a phony gross sales order.
As soon as the sufferer indicators the order, the scammer can then buy the person’s NFTs via a market at a value decided by them.
“Sadly, it isn’t attainable to deauthorize a stolen signature via websites like Revoke,” the report wrote.
“Nevertheless, you may deauthorize any earlier pending orders that you simply had arrange, which will help mitigate the chance of phishing assaults and forestall the attacker from utilizing your signature.”
Malicious program foreign money theft
In response to SlowMist, this kind of assault normally happens via non-public messages on Discord the place the attacker invitations victims to take part in testing a brand new venture, then sends a program within the type of a compressed file that comprises an executable file of about 800 MB.
After downloading this system, it’s going to scan for recordsdata containing key phrases like “pockets” and add them to the attacker’s server.
“The most recent model of RedLine Stealer additionally has the flexibility to steal cryptocurrency, scanning for put in digital foreign money pockets info on the native laptop and importing it to a distant management machine,” stated SlowMist.
“Along with stealing cryptocurrency, RedLine Stealer may add and obtain recordsdata, execute instructions, and ship again periodic details about the contaminated laptop.”
‘Clean Examine’ eth_sign phishing
This phishing assault permits scammers to make use of your non-public key to signal any transaction they select. After connecting your pockets to a rip-off web site, a signature utility field could pop up with a crimson warning from MetaMask.
After signing, attackers acquire entry to your signature, permitting them to can assemble any knowledge and ask you to signal it via eth_sign.
“Any such phishing might be very complicated, particularly relating to authorization,” stated the agency.
Identical ending quantity switch rip-off
For this rip-off, attackers airdrop small quantities of tokens, resembling .01 USDT or 0.001 USDT to victims usually with the same tackle, apart from the previous couple of digits within the hopes of tricking customers into by accident copying the improper tackle of their switch historical past.
The remainder of the 2022 report lined different blockchain safety incidents within the 12 months, together with contract vulnerabilities and personal key leakage.
Associated: DeFi-type initiatives obtained the very best variety of assaults in 2022: Report
There have been roughly 92 assaults utilizing contract vulnerabilities within the 12 months, totaling almost $1.1 billion in losses due to flaws in sensible contract design and hacked applications.
Personal key theft however accounted for roughly 6.6% of assaults and noticed a minimum of $762 million in losses, probably the most distinguished examples being the Ronin bridge and Concord’s Horizon Bridge hacks.
