Friday, March 29, 2024

Microsoft Warns of ‘Ice Phishing’ Threat on Web3 and Decentralized Networks

ICE PHISHING: Microsoft has warned of emerging threats in the Web3 landscape, including “ice phishing” campaigns, as a surge in adoption of blockchain and DeFi technologies emphasizes the need to build security into the decentralized web while it’s still in its early stages.

The company’s Microsoft 365 Defender Research Team called out various new avenues through which malicious actors may attempt to trick cryptocurrency users into giving up their private cryptographic keys and carry out unauthorized fund transfers.

“One aspect that the immutable and public blockchain enables is complete transparency, so an attack can be observed and studied after it occurred,” Christian Seifert, principal research manager at Microsoft’s Security and Compliance group, said. “It also allows assessment of the financial impact of attacks, which is challenging in traditional web2 phishing attacks.”

The theft of the keys could be carried out in several ways, including impersonating wallet software, deploying malware on victims’ devices, typosquatting legitimate smart contract front ends, and minting rogue digital tokens for Airdrop scams.

Ice Phishing

Another technique involves what Microsoft calls “ice phishing.” Rather than stealing a user’s private keys, the method works by deceiving the target into “signing a transaction that delegates approval of the user’s tokens to the attacker.”

“Once the approval transaction has been signed, submitted, and mined, the spender can access the funds,” Seifert elaborated. “In case of an ‘ice phishing’ attack, the attacker can accumulate approvals over a period of time and then drain all [the] victim’s wallets quickly.”

One such instance of ice phishing came to light in early December 2021 with the high-profile hack of Ethereum-based DeFi platform BadgerDAO, wherein a maliciously injected snippet using a compromised API key enabled the adversary to siphon $121 million in funds.


“The attacker deployed the worker script via a compromised API key that was created without the knowledge or authorization of Badger engineers,” BadgerDAO said. “The attacker(s) used this API access to periodically inject malicious code into the Badger application such that it only affected a subset of the user base.”

The script was programmed such that it would intercept Web3 transactions from wallets over a certain balance and insert a request to transfer the victim’s tokens to an address chosen by the attackers.

To mitigate threats affecting blockchain technology, Microsoft recommends that users review and audit smart contracts for adequate incident response or emergency capabilities, and periodically reassess and revoke token allowances.
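The approval delegation described above can be checked for before a transaction is signed. The following is an added example, not code from Microsoft, BadgerDAO or the article: it decodes transaction calldata and flags the standard ERC-20 `approve` and ERC-721 `setApprovalForAll` calls, which the article does not name explicitly. The helper `inspectApproval`, the risk labels and the sample spender address are assumptions made for illustration.

```javascript
// Added example (not from the article): flag token-approval calls in calldata
// before a transaction is signed.
// Selectors: first 4 bytes of keccak256 of the ERC-20 / ERC-721 function signatures.
const APPROVAL_SELECTORS = {
  "095ea7b3": "approve(address,uint256)",
  "a22cb465": "setApprovalForAll(address,bool)",
};
const MAX_UINT256 = (1n << 256n) - 1n;

// Hypothetical helper. Returns null when the call is not an approval.
function inspectApproval(data, trustedSpenders = new Set()) {
  const hex = String(data).toLowerCase().replace(/^0x/, "");
  if (!/^[0-9a-f]{8,}$/.test(hex)) return null;
  const signature = APPROVAL_SELECTORS[hex.slice(0, 8)];
  if (!signature) return null;
  const args = hex.slice(8);
  // Two 32-byte ABI words are required; an address word has 12 zero bytes of padding.
  if (args.length < 128 || !/^0{24}/.test(args)) {
    return { signature, malformed: true, risk: "high" };
  }
  const spender = "0x" + args.slice(24, 64);
  const value = BigInt("0x" + args.slice(64, 128));
  const operatorGrant = signature.startsWith("setApprovalForAll");
  const revokes = value === 0n; // approve(spender, 0) or setApprovalForAll(op, false)
  const unlimited = operatorGrant ? !revokes : value === MAX_UINT256;
  let risk = "low";
  if (revokes) risk = "none";
  else if (!trustedSpenders.has(spender)) risk = "high";
  else if (unlimited) risk = "review";
  return { signature, malformed: false, spender, value, unlimited, revokes, risk };
}

// Constructed sample inputs: the spender address is a placeholder, not a real contract.
const word = (h) => h.padStart(64, "0");
const SPENDER = "11".repeat(20);
const SAMPLES = {
  unlimitedApprove: "0x095ea7b3" + word(SPENDER) + "f".repeat(64),
  revokeApprove: "0x095ea7b3" + word(SPENDER) + word("0"),
  boundedApprove: "0x095ea7b3" + word(SPENDER) + word("64"),
  operatorGrant: "0xa22cb465" + word(SPENDER) + word("1"),
  plainTransfer: "0xa9059cbb" + word(SPENDER) + word("64"),
};

for (const [name, data] of Object.entries(SAMPLES)) {
  const finding = inspectApproval(data);
  console.log(name, finding ? `${finding.signature} risk=${finding.risk}` : "not an approval");
}
```

An approval with a zero amount (or `false` for an operator grant) is how an existing allowance is revoked, which is why the helper reports it as carrying no risk.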

Steven Black (n0tst3)
Hello! I'm Steve, an independent security researcher, and analyst from Scotland, UK. I've had an avid interest in Computers, Technology and Security since my early teens. 20 years on, and, it's a whole lot more complicated... I've assisted Governments, Individuals and Organizations throughout the world. Including; US DOJ, NHS UK, GOV UK. I'll often reblog infosec-related articles that I find interesting. On the RiSec website, You'll also find a variety of write-ups, tutorials and much more!
