5 sneaky tricks used by crypto-phishing scammers last year : SlowMist

Blockchain security firm SlowMist has highlighted five common phishing techniques used by crypto scammers on victims in 2022, including malicious browser bookmarks, fake vouchers and Trojans distributed on the messaging app Discord.

This comes after the security firm recorded a total of 303 blockchain security incidents during the year, with 31.6% of those incidents caused by phishing. rug draw or other scamsaccording to a SlowMist blockchain security from January 9 report.

A pie chart of attack methods in 2022 in percentages. Source: SlowMist

Malicious browser bookmarks

One of the phishing strategies uses bookmark handlers, a feature of most modern browsers.

SlowMist said the scammers exploit them to eventually gain access to a project owner’s Discord account.

“By inserting JavaScript into bookmarks through these phishing pages, attackers can potentially gain access to a Discord user’s information and take over a project owner’s account permissions,” the company wrote.

After guiding victims to add the malicious bookmark via a phishing page, the scammer waits for the victim to click on the bookmark while logged into Discord, which triggers the implanted JavaScript code and sends the victim’s personal information. victim to the scammer’s Discord channel.

During this process, the scammer can steal a victim’s Discord token (encrypting a Discord username and password) and gain access to their account, allowing them to post fake messages and links to other phishing scams impersonating the victim.

“Zero Dollar Purchase” NFT Phishing

out of 56 main NFT security vulnerabilities22 of them were the result of phishing attacks, according to SlowMist.

One of the most popular methods used by scammers is to trick victims into signing NFTs for next to nothing through a fake purchase order.

Once the victim signs the order, the scammer can then buy the user’s NFTs through a marketplace at a price determined by him.

Vote now!

“Unfortunately, it is not possible to deauthorize a stolen signature via sites like Revoke,” SlowMist wrote.

“However, you can deauthorize any previous pending orders you had set up, which can help mitigate the risk of phishing attacks and prevent the attacker from using your signature.”

Trojan coin theft

According to SlowMist, this type of attack usually occurs through private messages on Discord where the attacker invites victims to participate in the testing of a new project, then sends a program as a compressed file that contains an executable file of about 800 MB.

After downloading the program, it will search for files containing key phrases such as “wallet” and upload them to the attacker’s server.

“The latest version of RedLine Stealer also has the ability to steal cryptocurrency, by analyzing the digital currency wallet information installed on the local computer and uploading it to a remote control machine,” SlowMist said.

“In addition to stealing cryptocurrency, RedLine Stealer can also upload and download files, execute commands, and return periodic information about the infected computer.”

An example of the RedLine Stealer in action. Source: SlowMist

Phishing “blank check” eth_sign

This phishing attack allows crooks to use your private key to sign any transaction they choose. After connecting your wallet to a fraudulent site, a signature enforcement box may appear with a red warning from MetaMask.

After signing, attackers have access to your signature, allowing them to construct any data and ask you to sign it via eth_sign.

“This type of phishing can be very confusing, especially when it comes to authorization,” the firm said.

Same Ending Number Transfer Scam

For this scam, attackers drop small amounts of tokens, such as 0.01 USDT or 0.001 USDT to victims who often have a similar address except for the last digits in hopes of tricking users into accidentally copying the wrong address in their transfer history.

Example of a phishing attempt involving the same end number. Source: SlowMist

The rest of the 2022 report covered other blockchain security incidents during the year, including contractual vulnerabilities and private key leaks.

Related: DeFi-like projects received the most attacks in 2022: report

There were approximately 92 attacks using contract vulnerabilities during the year, totaling nearly $1.1 billion in losses due to flaws in the design of smart contracts and hacked programs.

Private key theft, meanwhile, accounted for about 6.6% of attacks and resulted in at least $762 million in losses, with the most prominent examples being Ronin’s Bridge and Harmony Skyline Bridge hacks.