In recent times, the number of scams involving blockchain wallets has increased by leaps and bounds. According to Forta Network, a blockchain security company, at least 7,905 wallets were created by scammers in May alone to steal cryptocurrencies from unsuspecting users. This worrying trend is causing concern among crypto enthusiasts and users alike.
Scammers use a variety of techniques to gain access to users’ wallets and steal their funds. Some of these attacks are social engineering-based, where fraudsters try to extract personal information or trick users into revealing their passwords or seed phrases. In other cases, scammers only need to know the victim’s wallet address to execute an attack. One of the most prevalent techniques is the “ice phishing” technique, which accounted for 55.8% of all attacks registered by Forta in May.
Ice phishing is a type of attack where the perpetrator tricks a victim into signing a malicious blockchain transaction that opens access to their wallet, thereby allowing them to steal all the available funds. These scams usually rely on “token approval” transactions, which are common in non-custodial Web3 wallets and give smart contracts access to user wallets. Users are often lured to phishing websites disguised as legitimate crypto services and then tricked into approving token permissions or transactions without checking.
Another type of scam involves manipulating users into sending native assets directly to the scammer’s contract using a “security update” function. Smaller amounts of crypto are usually stolen in such attacks. Also, scammers have started targeting non-fungible token (NFT) traders by exploiting loopholes in the NFT infrastructure, such as the Seaport protocol by OpenSea.
Furthermore, attackers are employing “address poisoning” which involves studying the transaction history of the user’s wallet and creating a familiar-looking address. They then send a low-value transaction to the victim to incorporate the malicious address into their transaction history, hoping the victim mistakenly copies and pastes it during their next transaction.
Some scammers are even using recognizable brands to build trust in potential victims. Recently, holders of Chainlink (LINK) received fake tLINK tokens, with an offer to exchange them for actual LINK tokens on a fraudulent website. These attackers can allocate fake ERC-20 tokens to legitimate smart contracts, making them appear genuine.
To avoid falling victim to these scams, users should always be cautious and verify the addresses their wallets interact with. Forta Network provides a database of fraudulent addresses to assist wallet providers like ZenGo in keeping their users safe. Forta uses machine learning models to monitor transactions in real-time to identify potential malicious behavior and assigns risk scores based on their findings.
As technology advances, hackers and scammers are becoming more sophisticated in their methods of attack. Therefore, it is imperative that users stay vigilant and wallet providers continue to develop built-in security features to combat scams and protect investors’ assets.
Source: Coindesk