Ice phishing, a new threat to Web3

Web3 is still in its nascent phase, but it is already facing security issues, including Ice phishing. The emergence of these new threats highlights a certain vulnerability of the blockchain, even though it is deemed reliable.

Ice phishing, a variation of Web2 phishing

Phishing probably remains one of the most widely used attack techniques to target web users. But this is one method among many others. Hackers are constantly developing increasingly sophisticated tactics to defraud Internet users. Ice phishing is one of them. It is, so to speak, a variant of phishing that specifically targets the decentralized web environment, Web3 in this case.

Certik explains the basics of Ice phishing.

Microsoft 365 Defender researchers have taken a closer look at this alarming new threat. In their report, published on the company's blog, they explain that this is an attack where the user is tricked into signing a transaction that gives an attacker control of their tokens. In this scheme, the attacker does not even need to steal the target's private keys. This is possible for major token standards that implement an approval function, which allows a user to delegate authority to a third party.

How to protect against this attack?

In an Ice phishing attack, criminals attempt to trick victims into approving control over their tokens. Scammers use smart contracts to do this. Cybercriminals can infiltrate a crypto exchange to inject malicious code into these smart contracts. This allows them to swap the target's wallet address for their own. When a user signs the contract, agreeing to a transaction, the criminal gets permission to access their funds.

According to Microsoft researchers, there are ways to protect against Ice phishing attacks. In particular, users can carefully check whether the smart contract they are about to sign is audited and immutable. It is also possible to verify the security features of these smart contracts (e.g. verify the incident response capability). Microsoft also suggests using blockchain security solutions like those from CertiK and checking any transaction on analytical platforms like Etherscan.
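As an added example (not code from the article or from Microsoft's report), the following Python sketch shows the kind of check a user or wallet can run on a transaction before signing: it decodes the raw calldata and reports whether the call delegates token control to a third party. It assumes the "approval function" is one of the usual Ethereum token calls (`approve`, `increaseAllowance`, `setApprovalForAll`); the function name `inspect_calldata`, the risk labels and the sample address are constructed for illustration.

```python
# Added illustration (not from the article): decode raw calldata before
# signing and flag calls that delegate control of tokens to a third party.

# 4-byte selectors: approve (ERC-20/721), setApprovalForAll (ERC-721/1155),
# increaseAllowance (a common OpenZeppelin ERC-20 extension).
APPROVAL_SELECTORS = {
    "095ea7b3": "approve(address,uint256)",
    "39509351": "increaseAllowance(address,uint256)",
    "a22cb465": "setApprovalForAll(address,bool)",
}
MAX_UINT256 = 2**256 - 1

# Constructed sample: unlimited approve() to a made-up spender address.
SAMPLE_SPENDER = "0x" + "ab" * 20
SAMPLE_UNLIMITED = "0x095ea7b3" + "00" * 12 + "ab" * 20 + "ff" * 32


def inspect_calldata(calldata, trusted_spenders=frozenset()):
    """Describe an approval call, or return None for any other call.

    trusted_spenders holds lowercase 0x-prefixed addresses the user expects.
    """
    data = calldata.lower()
    if data.startswith("0x"):
        data = data[2:]
    signature = APPROVAL_SELECTORS.get(data[:8])
    if signature is None:
        return None
    args = data[8:]
    if len(args) < 128:
        raise ValueError("truncated calldata for " + signature)
    # Each ABI argument is a 32-byte word; an address is its last 20 bytes.
    int(args[:64], 16)  # raises ValueError if the word is not hex
    spender = "0x" + args[24:64]
    value = int(args[64:128], 16)
    is_operator_grant = signature.startswith("setApprovalForAll")
    unlimited = value != 0 if is_operator_grant else value == MAX_UINT256
    if value == 0:
        risk = "none"            # grants nothing (approve 0 revokes)
    elif spender in trusted_spenders:
        risk = "known spender"
    elif unlimited:
        risk = "high"            # spender could move every token
    else:
        risk = "review"          # bounded grant to an unknown spender
    return {"function": signature, "spender": spender,
            "value": value, "risk": risk}


if __name__ == "__main__":
    print(inspect_calldata(SAMPLE_UNLIMITED))
```

The decoded spender is the address to look up on a block explorer before signing; an unlimited grant to an address the user does not recognize is the pattern the attack relies on.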

Ice phishing and other crypto scams will likely become more common as the popularity of cryptocurrency continues to grow. To guard against the risks, it is necessary to know, understand and share blockchain security best practices.
