2nd Edition

Tracking the trends and news for IT and IT Security

Paul

5 sneaky tricks crypto phishing scammers used last year: SlowMist – VCP Crypto News

5 sneaky tricks crypto phishing scammers used last year: SlowMist – VCP Crypto News
– VCP CryptoNews Staff
In 2022, SlowMist, a blockchain security firm, identified five common phishing techniques used by crypto scammers to target victims. These techniques included the use of malicious browser bookmarks, phony sales orders for NFTs, Trojan malware spread through Discord, “blank check” eth_sign phishing, and a same ending number transfer scam. Malicious browser bookmarks: Scammers manipulated bookmark managers in web browsers to gain access to a project owner’s Discord account. By inserting JavaScript code into phishing pages, attackers obtained victims’ personal information and Discord credentials, allowing them to pose as the victim and post fake messages and links. ‘Zero dollar purchase’ NFT phishing: Scammers deceived victims into signing over their NFTs for a negligible price through fraudulent sales orders. Once the victim signed the order, the scammer purchased the NFTs at a price determined by them. Trojan horse currency theft: This attack occurred through private messages on Discord, where scammers invited victims to test a new project. Victims downloaded a program containing an executable file that scanned for wallet information and uploaded it to the attacker’s server, potentially leading to cryptocurrency theft. ‘Blank Check’ eth_sign phishing: Scammers tricked victims into using their private key to sign any transaction by connecting their wallet to a scam site. After signing, attackers gained access to the victim’s signature and could construct any data and request signing through eth_sign. Same ending number transfer scam: Attackers airdropped small token amounts to victims with similar addresses, except for the final few digits. The goal was to deceive users into accidentally sending tokens to the wrong address. SlowMist’s report also highlighted other blockchain security incidents in 2022, including contract vulnerabilities, which resulted in approximately $1.1 billion in losses, and private key theft, which accounted for around $762 million in losses.
Link: https://vcpcryptonews.com/2023/01/10/5-sneaky-tricks-crypto-phishing-scammers-used-last-year-slowmist/

Categories:

Tags: