• News
    • Bitcoin
    • Altcoins
  • NFT
  • Metaverse
  • Analysis
  • Regulation
  • Learn
  • Market Cap
What's Hot

Senators grill federal officials over lack of oversight into SVB, Signature Bank collapse

2023-03-28

Disney Metaverse Division Reportedly Scrapped

2023-03-28

CFTC ‘Pretty Confident’ in Case Against Binance, Says Chairman Rostin Behnam

2023-03-28
Facebook Twitter Instagram
  • Contact
  • Terms & Conditions
  • Privacy Policy
  • DMCA
Facebook TikTok Instagram YouTube
CryptoNewsMetaverse
  • News
    • Bitcoin
    • Altcoins
  • NFT

    U.S. IRS Considers Taxing NFTs Like Other Collectibles

    2023-03-21

    Meta Shuts Down NFT Project to Focus on FinTech and Content

    2023-03-14

    Solana’s Solend V2 Release, Is SOL Price $50 Next?

    2023-03-06

    Amazon NFT Marketplace To Reportedly Launch Next Month

    2023-03-06

    Blur Coin Under Fire As Allegations Of Wash Trading Emerge

    2023-03-01
  • Metaverse

    Disney Metaverse Division Reportedly Scrapped

    2023-03-28

    Animoca Denies $200M Metaverse Fund Cut

    2023-03-27

    Metaverse Trading Hits All-Time High

    2023-03-24

    Exploring the Metaverse: A Guide to Investing in Metaverse Stocks

    2023-03-20

    A Guide to Virtual Land Staking in the Metaverse

    2023-03-20
  • Analysis

    DOJ Officially Seizes Over $456,000,000 Worth of Robinhood Shares Tied to FTX Founder Sam Bankman-Fried

    2023-01-08

    Mark Cuban Makes Prediction on Next Crypto ‘Scandal,’ Warns of Potential Implosion if Exposed: Report

    2023-01-08

    Binance Listings Cause Crypto Assets To Spike an Average of 41%: New Research

    2023-01-08

    Bitcoin Whales Unloaded BTC As Market Reversed and Parked Their Profits in This Crypto Asset Class: Santiment

    2023-01-07

    Crypto Analyst Predicts Breakout for AI-Focused Altcoin, Updates Outlook on Ethereum and Lido DAO

    2023-01-07
  • Regulation

    Senators grill federal officials over lack of oversight into SVB, Signature Bank collapse

    2023-03-28

    CFTC ‘Pretty Confident’ in Case Against Binance, Says Chairman Rostin Behnam

    2023-03-28

    OKX becomes latest exchange to apply for Hong Kong VASP license

    2023-03-28

    Balaji Srinivasan Says Millions of Worried Depositors Could Wire Money to Bitcoin As Banks Get Too Big To Escape

    2023-03-28

    Binance CEO CZ reveals copy of letter to US Senators – weeks before CFTC lawsuit

    2023-03-28
  • Learn

    Chart Patterns Cheat Sheet For Technical Analysis

    2023-03-21

    Best NFT Wallets in 2023

    2023-03-21

    What are Dapps (Decentralized Applications) Crypto?

    2023-03-17

    How to Short Sell Bitcoin

    2023-03-17

    Why Decentralized Exchanges Are On Rise? Can INNODEX Surpass Binance and Uniswap?

    2023-03-15
  • Market Cap
CryptoNewsMetaverse
Home»5 sneaky tricks crypto phishing scammers used last year: SlowMist

5 sneaky tricks crypto phishing scammers used last year: SlowMist

2023-01-10No Comments4 Mins Read
Share
Facebook Twitter LinkedIn Pinterest Email

Blockchain security firm SlowMist has highlighted five common phishing techniques crypto scammers used on victims in 2022, including malicious browser bookmarks, phony sales orders and Trojan malware spread on the messaging app Discord.

The security firm recorded a total of 303 blockchain security incidents over the year, with 31.6% of these incidents caused by phishing, rug pull or other scams, according to SlowMist’s Jan. 9 report.

A pie chart of attack methods in 2022 in percentages. Source: SlowMist

Malicious browser bookmarks

One of the phishing strategies makes use of bookmark managers, a feature in most modern browsers.

SlowMist said scammers have been exploiting these to ultimately gain access to a project owner’s Discord account.

“By inserting JavaScript code into bookmarks through these phishing pages, attackers can potentially gain access to a Discord user’s information and take over the permissions of a project owner’s account,” the firm wrote.

After guiding victims to add the malicious bookmark through a phishing page, the scammer waits until the victim clicks on the bookmark while logged into Discord, which triggers the implanted JavaScript code and sends the victim’s personal information to the scammer’s Discord channel. 

During this process, the scammer can steal a victim’s Discord Token (their encrypted Discord username and password) and thus gain access to their account, allowing them to post fake messages and links to more phishing scams while posing as the victim.

‘Zero dollar purchase’ NFT phishing

Out of 56 major NFT security breaches, 22 of those were the result of phishing attacks, according to SlowMist.

One of the more popular methods used by scammers tricks victims into signing over NFTs for practically nothing through a phony sales order.

Once the victim signs the order, the scammer can then purchase the user’s NFTs through a marketplace at a price determined by them.

Cast your vote now!

“Unfortunately, it’s not possible to deauthorize a stolen signature through sites like Revoke,” SlowMist wrote.

“However, you can deauthorize any previous pending orders that you had set up, which can help mitigate the risk of phishing attacks and prevent the attacker from using your signature.”

Trojan horse currency theft

According to SlowMist, this type of attack usually occurs through private messages on Discord where the attacker invites victims to participate in testing a new project, then sends a program in the form of a compressed file that contains an executable file of about 800 MB.

After downloading the program, it will scan for files containing key phrases like “wallet” and upload them to the attacker’s server.

“The latest version of RedLine Stealer also has the ability to steal cryptocurrency, scanning for installed digital currency wallet information on the local computer and uploading it to a remote control machine,” said SlowMist.

“In addition to stealing cryptocurrency, RedLine Stealer can also upload and download files, execute commands, and send back periodic information about the infected computer.”

An example of the RedLine Stealer in action. Source: SlowMist

‘Blank Check’ eth_sign phishing

This phishing attack allows scammers to use your private key to sign any transaction they choose. After connecting your wallet to a scam site, a signature application box may pop up with a red warning from MetaMask.

After signing, attackers gain access to your signature, allowing them to can construct any data and ask you to sign it through eth_sign.

“This type of phishing can be very confusing, especially when it comes to authorization,” the firm sai.

Same ending number transfer scam

For this scam, attackers airdrop small amounts of tokens — such as .01 USDT or 0.001 USDT — to victims with a similar address except for the last few digits. The goal is to trick users into accidentally copying the wrong address in their transfer history.

An example of a same end number phishing attempt. Source: SlowMist

The rest of the 2022 report covered other blockchain security incidents over the year, including contract vulnerabilities and private key leakage.

Related: DeFi-type projects received the highest number of attacks in 2022: Report

There were roughly 92 attacks using contract vulnerabilities in the year, totaling nearly $1.1 billion in losses because of flaws in smart contract design and hacked programs.

Private key theft on the other hand accounted for roughly 6.6% of attacks and saw at least $762 million in losses, the most prominent examples being hacks of the Ronin bridge and Harmony’s Horizon Bridge.

Source link

Crypto Phishing scammers SlowMist Sneaky tricks Year
Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

Related Posts

Coinbase Executive Says US Government Squandering Lead in Technology With Lack of Crypto Regulatory Clarity

2023-03-27

CFTC Goes After Binance and Changpeng Zhao With Lawsuit, Bitcoin (BTC) and Crypto Markets Get Rocked

2023-03-27

US Prosecutors Slam Terra (LUNA) Founder Do Kwon With Eight Counts of Fraud for 2022 Crypto Collapse

2023-03-26

Crypto Analyst Nicholas Merten Says Fed Money Printing Won’t Spark New Bitcoin (BTC) Rally – Here’s Why

2023-03-26
Add A Comment

Leave A Reply Cancel Reply

Top Posts

IRS prepares for an increase in crypto cases in the upcoming tax season

2022-11-05

TRON (TRX) Prices Jump 13% As DeFi Appeal Grows

2022-06-01

Mango Markets hacker allegedly feigns Curve short attack to exploit Aave

2022-11-22

Subscribe to Updates

Get the latest news and Update from Cryptonewsmetaverse.com about Crypto, Metaverse and NFT.

Our mission is to develop a community of people who try to make financially sound decisions. The website strives to educate individuals in making wise choices about Cryptocurrencies, NFT, Metaverse and more.

We're social. Connect with us:

Facebook Instagram YouTube TikTok
Top Insights

Senators grill federal officials over lack of oversight into SVB, Signature Bank collapse

2023-03-28

Disney Metaverse Division Reportedly Scrapped

2023-03-28

CFTC ‘Pretty Confident’ in Case Against Binance, Says Chairman Rostin Behnam

2023-03-28
Get Informed

Subscribe to Updates

Get the latest news and Update from Cryptonewsmetaverse.com about Crypto, Metaverse and NFT.

  • Contact
  • Terms & Conditions
  • Privacy Policy
  • DMCA
© 2023 Cryptonewsmetaverse.com. Designed by ProdigitalX.

Type above and press Enter to search. Press Esc to cancel.

  • bitcoinBitcoin(BTC)$27,405.001.22%
  • ethereumEthereum(ETH)$1,780.943.79%
  • USDEXUSDEX(USDEX)$1.07-0.53%
  • tetherTether(USDT)$1.00-0.12%
  • binancecoinBNB(BNB)$313.731.27%
  • usd-coinUSD Coin(USDC)$1.00-0.10%
  • rippleXRP(XRP)$0.539.89%
  • cardanoCardano(ADA)$0.3776159.32%
  • Lido Staked EtherLido Staked Ether(STETH)$1,777.096.19%
  • dogecoinDogecoin(DOGE)$0.0743082.17%