Warning: Undefined array key "HTTP_ACCEPT_LANGUAGE" in /home/u596154002/domains/usbusinessreviews.com/public_html/wp-includes/load.php on line 2057

Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the rank-math domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/u596154002/domains/usbusinessreviews.com/public_html/wp-includes/functions.php on line 6114
Microsoft warns of emerging ‘ice phishing’ threat on blockchain, DeFi networks - Best Business Review Site 2024

Microsoft warns of emerging ‘ice phishing’ threat on blockchain, DeFi networks

[ad_1]

Microsoft has warned of new threats impacting blockchain technologies and web3 including “ice phishing” campaigns. 

The blockchain, decentralized technologies, DeFi, smart contracts, exploration into the concept of a ‘metaverse‘ and web3 — the decentralized foundation built on top of cryptographic systems that underlay blockchain projects — are all being pursued in what could be radical changes in how we understand and experience connectivity today. 

Read on: What is web3? Everything you need to know about the decentralized future of the internet

However, with every technological innovation, there may also be new avenues created for cyberattackers and web3 is no exception. 

Today’s most common threats include mass spam and phishing conducted over email and social media platforms, social engineering, and vulnerability exploitation. 

On February 16, the Microsoft 365 Defender Research Team said that phishing, in particular, has made its way over to the blockchain, custodial wallets, and smart contracts – “reaffirming the durability of these threats as well as the need for security fundamentals to be built into related future systems and frameworks.”

Microsoft’s cybersecurity researchers say that phishing attacks focused on web3 and the blockchain can take various forms. 

One of the threats to watch out for is an attacker trying to obtain the private, cryptographic keys to access a wallet containing digital assets. 

While emailed phishing attempts do occur, social media scams are rife. For example, scam artists may send direct messages to users publicly asking for help from a cryptocurrency service — and while pretending to be from a support team, they ask for the key. 

Another tactic is by launching fake airdrops for free tokens on social media sites, and when users try to access their new assets, they are redirected to malicious domains that either try to steal credentials or execute cryptojacking malware payloads on a victim’s machine. 

In addition, cybercriminals are known to conduct typo-squatting to impersonate legitimate blockchain and cryptocurrency services. They register website domains containing small errors or changes — such as cryptocurency.com rather than cryptocurrency.com — and set up phishing websites to steal keys directly. 

Ice phishing is different and ignores private keys entirely. This attack method attempts to dupe a victim into signing a transaction that hands over the approval of a user’s tokens to a criminal. 

Such transactions can be used in DeFi environments and smart contracts to permit a token swap to take place, for example.

screenshot-2022-02-17-at-10-08-14.png

Microsoft

“Once the approval transaction has been signed, submitted, and mined, the spender can access the funds,” Microsoft noted. “In case of an ‘ice phishing’ attack, the attacker can accumulate approvals over a period of time and then drain all victim’s wallets quickly.”

The most high-profile example of ice phishing is last year’s BadgerDAO compromise. Attackers were able to compromise the front-end of BadgerDAO to obtain access to a Cloudflare API key, and malicious scripts were then injected — and removed — from the Badger smart contract. 

Customers with high balances were selected and they were asked to sign fraudulent transaction approvals. BadgerDAO said in a post-mortem of the phishing attack that “the script intercepted web3 transactions and prompted users to allow a foreign address approval to operate on ERC-20 tokens in their wallet.”

“After phishing a number of approvals, a funding account sent 8 ETH to the exploiter’s account to fuel a series of transferFrom calls on the users’ approved tokens,” BadgerDAO said. “This allowed the attacker to move funds on behalf of the users to other accounts, which then liquidated the funds and exited via the Badger Bridge to BTC.”

Approximately $121 million was stolen. An audit and recovery plan is underway. 

“The Badger DAO attack highlights the need to build security into web3 while it is in its early stages of evolution and adoption,” Microsoft says. “At a high level, we recommend that software developers increase security usability of web3. In the meantime, end-users need to explicitly verify information through additional resources, such as reviewing the project’s documentation and external reputation/informational websites.”

Previous and related coverage


Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0


[ad_2]

Source link

slot gacor slot gacor togel macau slot hoki bandar togel slot dana slot mahjong link slot link slot777 slot gampang maxwin slot hoki slot mahjong slot maxwin slot mpo slot777 slot toto slot toto situs toto toto slot situs toto situs toto situs toto situs toto slot88 toto slot slot gacor thailand slot bet receh situs toto situs toto slot toto slot situs toto situs toto situs toto situs togel macau toto slot slot demo slot pulsa slot pragmatic situs toto deposit dana 10k surga slot toto slot link situs toto situs toto slot situs toto situs toto slot777 slot gacor situs toto slot slot pulsa 10k toto togel situs toto slot situs toto slot gacor terpercaya slot dana slot gacor pay4d agen sbobet kedai168 kedai168 deposit pulsa situs toto slot pulsa situs toto slot pulsa situs toto situs toto situs toto slot dana toto slot situs toto slot pulsa toto slot situs toto slot pulsa situs toto situs toto situs toto toto slot toto slot slot toto akun pro maxwin situs toto slot gacor maxwin slot gacor maxwin situs toto slot slot depo 10k toto slot toto slot situs toto situs toto toto slot toto slot toto slot toto togel slot toto togel situs toto situs toto toto slot slot gacor slot gacor slot gacor situs toto situs toto cytotec toto slot situs toto situs toto toto slot situs toto situs toto slot gacor maxwin slot gacor maxwin link slot 10k slot gacor maxwin slot gacor slot pulsa situs slot 10k slot 10k toto slot toto slot situs toto situs toto situs toto bandar togel 4d toto slot toto slot