5 sneaky tricks cryptophishing scammers used last year: SlowMist
Blockchain security firm SlowMist has highlighted five common phishing techniques that crypto scammers used on victims in 2022, including malicious browser bookmarks, fake sales orders and Trojan malware spread on messaging app Discord.
It comes after the security firm recorded a total of 303 blockchain security incidents during the year, with 31.6% of those incidents caused by phishing, rugpull or other scams, according to a Jan. 9 SlowMist blockchain security report.
Harmful browser bookmarks
One of the phishing strategies uses bookmark managers, a feature of most modern browsers.
SlowMist said scammers have exploited these to eventually gain access to a project owner’s Discord account.
During this process, the scammer can steal a victim’s Discord token (encryption of a Discord username and password) and thus gain access to their account, which allows them to post fake messages and links to several phishing scams pretending to be the victim .
“Zero Dollar Buy” NFT Phishing
Of 56 major NFT security breaches, 22 of these were the result of phishing attacks, according to SlowMist.
One of the more popular methods used by fraudsters tricks victims into signing NFTs for virtually nothing through a fake sell order.
Once the victim signs the order, the fraudster can buy the user’s NFTs through a marketplace at a price determined by them.
“Unfortunately, it is not possible to remove the authority of a stolen signature through sites like Revoke,” SlowMist wrote.
“However, you can de-authorize any previous pending orders that you have set up, which can help reduce the risk of phishing attacks and prevent the attacker from using your signature.”
Trojan horse currency theft
According to SlowMist, this type of attack usually occurs through private messages on Discord where the attacker invites victims to participate in testing a new project, and then sends a program in the form of a compressed file containing an executable file of approximately 800 MB.
After downloading the program, it will search for files containing key phrases such as “wallet” and upload them to the attacker’s server.
“The latest version of RedLine Stealer also has the ability to steal cryptocurrency, scan for installed digital currency wallet information on the local computer and upload it to a remote machine,” SlowMist said.
“In addition to stealing cryptocurrency, RedLine Stealer can also upload and download files, execute commands, and send back periodic information about the infected computer.”
‘Blank Check’ eth_sign phishing
This phishing attack allows fraudsters to use your private key to sign any transaction they choose. After connecting your wallet to a scam website, a signature application box may appear with a red warning from MetaMask.
After signing, attackers get access to your signature, so they can construct any data and ask you to sign it through eth_sign.
“This type of phishing can be very confusing, especially when it comes to authorization,” the firm said.
Same ending number porting scam
For this scam, attackers send small amounts of tokens, such as .01 USDT or 0.001 USDT, to victims that often have a similar address except for the last few digits in hopes of tricking users into accidentally copying the wrong address in their transfer history.
The rest of the 2022 report covered other blockchain security incidents of the year, including contract vulnerabilities and private key leakage.
Related: DeFi-type projects received the highest number of attacks in 2022: Report
There were approximately 92 attacks with contract vulnerabilities during the year, totaling nearly $1.1 billion in losses due to flaws in smart contract design and hacked programs.
Private key theft on the other hand accounted for about 6.6% of attacks and saw at least $762 million in losses, the most prominent examples being the Ronin bridge and Harmony’s Horizon Bridge hacks.