At a time when vast amounts of wealth are moved and stored digitally in cryptocurrencies like BTC and ETH, concerns over cybersecurity have taken center stage. With millions in assets being lost to phishing attacks and wallet drainers, users of digital money are left contending with a new breed of risks.
Phishing and wallet draining scams are particularly prevalent on platforms that allow links to be hidden behind text. We observed how scammers abused the instant messaging platform Discord to cloak wallet drainer links, exposing users to an elevated level of risk. While it’s reported that this particular function was enabled only recently on Discord, it has been an available feature on many other social platforms for some time.
To gain further insight into how users can shield themselves from such tactics, and which measures platforms should implement to bolster safety, we turned to a community of cybersecurity professionals, including Christian Seifert, a representative of the Web3 security firm Forta Network.
Noting that this style of attack has been a staple for hackers since the dawn of the internet, Seifert explained that ‘hyperlinks with text are a feature supported as part of HTML and have been a source for phishing attacks since the early days of the internet.’ He added that ensuring security requires a defense-in-depth approach in which both users and platforms contribute to safeguarding efforts.
For users, Seifert listed several plugins that can aid in defending against such attacks. On the platform’s side, Discord, for example, does a fairly good job of showing the true destination of the URL once the user clicks it. However, the platform has a potentially risky feature of allowing ‘trusted’ domains, which hackers can exploit to garner unwarranted user trust, amplifying the risk of scams.
Delving deeper into concerns around Discord’s current approach, Seifert cited the discrepancy between the masked link text and the link’s actual internet destination. The cybersecurity professional suggested that the platform should disallow mismatched links and domains that do not align with users’ expectations.
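The mismatch check Seifert describes can be sketched as follows. This is an added example, not code from the article, Discord or Forta; it assumes messages use Markdown-style `[text](url)` masked links, and the function names and sample messages are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Markdown-style masked link: [visible text](target URL)
MASKED_LINK = re.compile(r"\[([^\]]+)\]\(\s*<?(https?://[^\s)>]+)>?\s*\)")
# A host-like token inside the visible text, with an optional scheme.
HOST_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

def _norm(host):
    """Lowercase a hostname, drop a trailing dot and a leading 'www.'."""
    host = (host or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host

def find_mismatched_links(message):
    """Return (text, shown_host, real_host) for each masked link whose
    visible text names a host other than the one the URL points to."""
    findings = []
    for text, url in MASKED_LINK.findall(message):
        # urlsplit().hostname ignores any userinfo before '@', so a
        # "shown-host@other-host" target resolves to other-host.
        real = _norm(urlsplit(url).hostname)
        shown = HOST_IN_TEXT.search(text)
        if not shown:
            continue  # plain-word label ("our blog"): nothing to compare
        shown_host = _norm(shown.group(1))
        # Accept only the shown host itself or one of its subdomains.
        if real != shown_host and not real.endswith("." + shown_host):
            findings.append((text, shown_host, real))
    return findings

# Constructed sample messages; every domain is a reserved .example name.
SAMPLES = [
    "Claim: [https://wallet.example/airdrop](https://drainer.example/c)",
    "Docs: [wallet.example](https://www.wallet.example/docs)",
    "Mint: [wallet.example](https://wallet.example@drainer.example/mint)",
    "Read [our blog](https://blog.example/post)",
    "Help: [wallet.example](https://wallet.example.drainer.example/)",
]

if __name__ == "__main__":
    for msg in SAMPLES:
        for text, shown, real in find_mismatched_links(msg):
            print(f"BLOCK: text shows {shown!r} but link goes to {real!r}")
```

Comparing full hostnames is deliberately strict; a production check would compare registrable domains using the Public Suffix List and normalise internationalised names before comparing.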
Taking the discussion a notch higher, Hugh Brooks, the director of security operations at the blockchain security firm CertiK, seconded Seifert’s sentiments. Brooks stressed the importance of platforms routinely updating their security measures and of users staying vigilant and better educated about these realities.
In conclusion, it’s clear that fostering a culture of vigilance and implementing stringent platform security measures are pivotal to securely navigating the burgeoning world of cryptocurrencies. After all, the inevitability of change demands that we, as users and developers, adapt and improve to ensure, in this case, the safe handling of virtual assets.
Source: Cointelegraph