How to avoid getting hooked by crypto ‘ice phishing’ scammers — CertiK

Published at: Dec. 21, 2022

Blockchain security company CertiK has reminded the crypto community to stay alert over “ice phishing” scams — a unique type of phishing scam targeting Web3 users — first identified by Microsoft earlier this year. 

In a Dec. 20 analysis report, CertiK described ice phishing as an attack that tricks Web3 users into signing permissions that end up allowing a scammer to spend their tokens.

This differs from traditional phishing attacks, which attempt to obtain confidential information such as private keys or passwords. An example of the traditional kind is the set of fake websites that claimed to help FTX investors recover funds lost on the exchange.

#CertiKSkynetAlert 1/ Ice phishing is a considerable threat to the Web3 community. Instead of gaining access to your private key, scammers trick you into signing permissions to spend your assets. We’ll outline below what to look out for, and how to protect yourself!

— CertiK Alert (@CertiKAlert) December 20, 2022

A Dec. 17 scam where 14 Bored Apes were stolen is an example of an elaborate ice phishing scam. An investor was convinced to sign a transaction request disguised as a film contract, which ultimately enabled the scammer to sell all of the user's apes to themselves for a negligible amount.

The firm noted that this type of scam was a “considerable threat” found only in the Web3 world, as investors are often required to sign permissions to decentralized finance (DeFi) protocols they interact with, which could be easily faked.

“The hacker just needs to make a user believe that the malicious address that they are granting approval to is legitimate. Once a user has approved permissions for the scammer to spend tokens, then the assets are at risk of being drained.”

Once a scammer has gained approval, they are able to transfer assets to an address of their choosing.

To protect themselves from ice phishing, CertiK recommended that investors revoke permissions for addresses they don’t recognize on blockchain explorer sites such as Etherscan, using a token approval tool.
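What a signature request actually grants can be read from its calldata before signing. The following is an added example, not code from CertiK's report or this article: it decodes the two standard approval calls (ERC-20 `approve` and NFT `setApprovalForAll`) and flags grants to spenders outside a user-verified list. The allowlist, sample calldata and risk labels are constructed for illustration.

```python
APPROVE = "095ea7b3"               # approve(address,uint256)
SET_APPROVAL_FOR_ALL = "a22cb465"  # setApprovalForAll(address,bool)
MAX_UINT256 = 2**256 - 1

# Constructed allowlist of spenders the user has verified (hypothetical address).
KNOWN_SPENDERS = {"0x" + "11" * 20}

def inspect_calldata(calldata, known=KNOWN_SPENDERS):
    """Describe the approval a transaction would grant, or return None."""
    data = calldata.lower()
    if data.startswith("0x"):
        data = data[2:]
    selector, args = data[:8], data[8:]
    if selector not in (APPROVE, SET_APPROVAL_FOR_ALL):
        return None
    if len(args) < 128:
        raise ValueError("truncated approval calldata")
    # ABI encoding: two 32-byte words; an address is the low 20 bytes of its word.
    spender = "0x" + args[24:64]
    value = int(args[64:128], 16)
    if selector == APPROVE:
        # Assumption: ERC-20 semantics (value is an amount). ERC-721 shares this
        # selector, with the second word being a token ID instead.
        kind, grants, unlimited = "approve", value > 0, value == MAX_UINT256
    else:
        kind, grants = "setApprovalForAll", value != 0
        unlimited = grants  # operator can move every token in the collection
    if not grants:
        risk = "revocation"
    elif spender not in known:
        risk = "high"
    else:
        risk = "review" if unlimited else "low"
    return {"kind": kind, "spender": spender, "unlimited": unlimited, "risk": risk}

def word(hex_tail):  # left-pad a hex value to one 32-byte ABI word
    return hex_tail.rjust(64, "0")

# Constructed sample requests, not real transactions.
UNKNOWN = "aa" * 20
SAMPLES = {
    "unlimited approve to unknown": "0x" + APPROVE + word(UNKNOWN) + "ff" * 32,
    "collection grant to known": "0x" + SET_APPROVAL_FOR_ALL + word("11" * 20) + word("1"),
    "revoke": "0x" + APPROVE + word(UNKNOWN) + word("0"),
}
if __name__ == "__main__":
    for label, tx in SAMPLES.items():
        print(label, "->", inspect_calldata(tx))
```

A request decoded as an approval to a spender the user has not verified is the case the article warns about; a zero-amount `approve` is what a revocation looks like on-chain.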


Additionally, addresses that users are planning to interact with should be looked up on these blockchain explorers for suspicious activity. In its analysis, CertiK points to an address that was funded by Tornado Cash withdrawals as an example of suspicious activity.

CertiK also suggested that users should only interact with official sites they are able to verify, and be particularly wary of social media sites like Twitter, highlighting a fake Optimism Twitter account as an example.

The firm also advised users to take a couple of minutes to check a trusted site such as CoinMarketCap or CoinGecko. By doing so, users would have been able to see that the linked URL was not a legitimate site and should be avoided.

Tech giant Microsoft was the first one to highlight this practice in a Feb. 16 blog post, saying at the time that while credential phishing is very predominant in the Web2 world, ice phishing gives individual scammers the ability to steal a chunk of the crypto industry while maintaining “almost complete anonymity.”

Microsoft recommended that Web3 projects and wallet providers increase the security of their services at the software level, so that the burden of avoiding ice phishing attacks is not placed solely on the end user.
