November 8, 2024

Rise To Thrive

Investing guide, latest news & videos!

5 sneaky tricks crypto phishing scammers used last year: SlowMist

2 min read
5 sneaky tricks crypto phishing scammers used last year: SlowMist

Blockchain security firm SlowMist has highlighted five common phishing techniques crypto scammers used on victims in 2022, including malicious browser bookmarks, phony sales orders and trojan malware spread on messaging app Discord.

It comes after the security firm recorded a total of 303 blockchain security incidents in the year, with 31.6% of these incidents caused by phishing,

“Unfortunately, it’s not possible to deauthorize a stolen signature through sites like Revoke,” SlowMist wrote.

“However, you can deauthorize any previous pending orders that you had set up, which can help mitigate the risk of phishing attacks and prevent the attacker from using your signature.”

Trojan horse currency theft

According to SlowMist, this type of attack usually occurs through private messages on Discord where the attacker invites victims to participate in testing a new project, then sends a program in the form of a compressed file that contains an executable file of about 800 MB.

After downloading the program, it will scan for files containing key phrases like “wallet” and upload them to the attacker’s server.

“The latest version of RedLine Stealer also has the ability to steal cryptocurrency, scanning for installed digital currency wallet information on the local computer and uploading it to a remote control machine,” said SlowMist.

“In addition to stealing cryptocurrency, RedLine Stealer can also upload and download files, execute commands, and send back periodic information about the infected computer.”

‘Blank Check’ eth_sign phishing

This phishing attack allows scammers to use your private key to sign any transaction they choose. After connecting your wallet to a scam site, a signature application box may pop up with a red warning from MetaMask.

After signing, attackers gain access to your signature, allowing them to can construct any data and ask you to sign it through eth_sign.

“This type of phishing can be very confusing, especially when it comes to authorization,” said the firm.

Same ending number transfer scam

For this scam, attackers airdrop small amounts of tokens, such as .01 USDT or 0.001 USDT to victims often with a similar address, except for the last few digits in the hopes of tricking users into accidentally copying the wrong address in their transfer history.

The rest of the 2022 report covered other blockchain security incidents in the year, including contract vulnerabilities and private key leakage.

Related: DeFi-type projects received the highest number of attacks in 2022: Report

There were roughly 92 attacks using contract vulnerabilities in the year, totaling nearly $1.1 billion in losses because of flaws in smart contract design and hacked programs.

Private key theft on the other hand accounted for roughly 6.6% of attacks and saw at least $762 million in losses, the most prominent examples being the Ronin bridge and Harmony’s Horizon Bridge hacks.