5 sneaky tricks crypto phishing scammers used last year: SlowMist


Blockchain security company SlowMist has revealed five crypto phishing scam techniques used on victims in 2022, including malicious browser bookmarks, bogus sales orders and Trojan horse malware spread over the Discord messaging application.

It comes after the security firm recorded a total of 303 blockchain security incidents in the year, with 31.6% of these incidents caused by phishing, rug pulls or other scams, according to a Jan. 9 SlowMist blockchain security report.

A pie chart of attack methods in 2022, by percentage. Source: SlowMist

Malicious browser bookmarks

One of the phishing strategies uses the bookmark manager, a feature of most modern browsers.

SlowMist said con artists were exploiting it to ultimately access the Discord account of a project owner.

"By adding JavaScript code to bookmarks through these phishing pages, attackers can potentially access information from a Discord user and take over the account permissions of a project owner," the company wrote.

After guiding victims to add the malicious bookmark through a phishing page, the fraudster waits for the victim to click on the bookmark during a Discord session, which triggers the implanted JavaScript code and sends the victim's personal information to the crook's Discord channel.

In the process, the fraudster can steal a victim's Discord token (an encrypted form of a Discord username and password) and access his or her account. This enables them to post false messages and links to other phishing scams while impersonating the victim.

'Zero dollar purchase' NFT phishing

Out of 56 major NFT security breaches, 22 of those were the result of phishing attacks, according to SlowMist.

One of the methods most used by crooks tricks victims into signing over NFTs for virtually nothing through a false sales order.

Once the victim signs the order, the fraudster can then buy the user's NFT through a marketplace at a price the fraudster specifies.

"Unfortunately, it is not possible to revoke a stolen signature via sites like Revoke," SlowMist wrote.

"However, you can cancel any pending orders you've already established, which can help reduce the risk of phishing attacks and prevent the attacker from using your signature."

Trojan horse currency theft

According to SlowMist, this type of attack usually occurs through private messages on Discord where the attacker invites victims to participate in testing a new project, then sends a program in the form of a compressed file that contains an executable file of about 800 MB.

Once downloaded, the program searches for files containing key phrases such as "wallet" and uploads them to the attacker's server.

"RedLine Stealer's latest version also has the capability to steal cryptocurrency, searching for information about the digital wallet installed on the local computer and uploading it to a remote control machine," SlowMist said.

"Besides stealing cryptocurrency, RedLine Stealer can also upload and download files, execute commands, and send periodic information about the infected computer."

An example of RedLine Stealer being used. Source: SlowMist

‘Blank Check’ eth_sign phishing

This phishing attack lets fraudsters use your private key to sign any transaction of their choice. After you connect your wallet to a scam site, a signature request box may appear with a red MetaMask warning.

After signing, attackers have access to your signature, which allows them to construct any data and ask you to sign it through eth_sign.

"This type of phishing can be very confusing, especially as far as authorization is concerned," the company said.

Same ending number transfer scam

For this scam, attackers airdrop small quantities of tokens, such as 0.01 USDT or 0.001 USDT, to victims, often using an address that is the same except for the last few digits, hoping to mislead users into accidentally copying the wrong address from their transfer history.

A sample phishing attempt by end number. Source: SlowMist
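A defensive check for the look-alike address airdrops described above, as an added example that is not from SlowMist or the original article: it scans a transfer history for dust-sized incoming transfers whose sender shares leading or trailing characters with an address you actually use. It goes beyond the single case in the text by comparing both ends of the address; the record layout, the 0.01 threshold, the four-character window and every address are assumptions constructed for illustration.

```python
from decimal import Decimal

# Added example: thresholds, record layout and all addresses are constructed.
DUST_LIMIT = Decimal("0.01")  # the article cites 0.01 and 0.001 USDT airdrops
MATCH_CHARS = 4               # hex characters compared at each end (assumption)

def _norm(addr):
    """Lower-case the address and drop the 0x prefix so comparisons ignore case."""
    addr = addr.lower()
    return addr[2:] if addr.startswith("0x") else addr

def lookalike(candidate, known, n=MATCH_CHARS):
    """Return 'prefix', 'suffix' or 'prefix+suffix' if candidate imitates known."""
    a, b = _norm(candidate), _norm(known)
    if a == b:
        return None  # the genuine address is not a look-alike of itself
    ends = []
    if a[:n] == b[:n]:
        ends.append("prefix")
    if a[-n:] == b[-n:]:
        ends.append("suffix")
    return "+".join(ends) or None

def flag_poisoning(history, address_book):
    """List dust-sized incoming transfers whose sender imitates a known address."""
    findings = []
    for tx in history:
        if tx["direction"] != "in" or Decimal(tx["amount"]) > DUST_LIMIT:
            continue
        for label, known in address_book.items():
            match = lookalike(tx["from"], known)
            if match:
                findings.append({"tx": tx["id"], "sender": tx["from"],
                                 "imitates": label, "match": match})
    return findings

ME = "0x" + "ee" * 20  # constructed wallet address
ADDRESS_BOOK = {"exchange deposit": "0xa1b2" + "11" * 16 + "c3d4"}
SAMPLE_HISTORY = [  # constructed transfer history
    {"id": "t1", "direction": "out", "from": ME, "amount": "250"},
    {"id": "t2", "direction": "in", "from": "0xA1B2" + "22" * 16 + "C3D4", "amount": "0.01"},
    {"id": "t3", "direction": "in", "from": "0xa1b2" + "33" * 16 + "9999", "amount": "0.001"},
    {"id": "t4", "direction": "in", "from": "0x" + "44" * 20, "amount": "0.001"},
    {"id": "t5", "direction": "in", "from": "0x7777" + "55" * 16 + "c3d4", "amount": "120"},
]

if __name__ == "__main__":
    for finding in flag_poisoning(SAMPLE_HISTORY, ADDRESS_BOOK):
        print(finding)
```

Flagged senders are candidates for a warning in the wallet's history view; the full address still has to be compared character by character before any transfer.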

The remainder of the 2022 report focused on additional blockchain security incidents over the course of the year, including contract vulnerabilities and private key leaks.


There were approximately 92 attacks involving contract vulnerabilities during the year, for a total of almost $1.1 billion in losses due to flaws in the design of smart contracts and hacked programs.

Private key theft, on the other hand, accounted for roughly 6.6% of attacks and saw at least $762 million in losses, the most prominent examples being the Ronin bridge and Harmony's Horizon Bridge hacks.