Scammers have emerged, equipped with sophisticated tech tools, to deceive you and steal your hard-earned cash. Ice phishing is a sophisticated scam technique that targets the crypto community. CertiK, a cyber research firm, has issued its latest advisory to the global Web3 industry. It warns against rising instances of icephishing scams and outlines preventative measures to protect your finances.
Ice Phishing scams are hack-attacks which manipulate Web3 users to manually sign and approve permissions that permit notorious actors to spend their tokens.
These permissions are usually required to be signed on Decentralised Finance (DeFi), which could be easily mocked up.
The hacker needs to convince a user that the malicious address they are giving permission to is legitimate. CertiK stated in its report that once a user gives permission for the scammer spend tokens, the assets are at high risk of being drain.
Once they have this permission, the scammers can transfer funds from victim’s accounts to any wallet address.
However, this is not the case with traditional Phishing Scams. In these scams hackers are able to steal passwords and private keys by tricking victims into clicking on malicious links or visiting infected websites.
CertiK asked Web3 investors not to grant permissions to unknown addresses as a security-focused suggestion. This is especially important when browsing blockchain explorers like Etherscan.
It has been suggested that people look out for suspicious addresses asking for random permissions to use blockchain explorer sites.
Microsoft first mentioned the concept of Ice Phishing in a blog article published February 2012.
Web3 is the decentralised, distributed world built on cryptographic security. This is what lays the foundation for the Blockchain. Imagine if an attacker could – unilaterally – take a large chunk of market funds and keep it hidden. The software giant said that this would change the game’s dynamics.
In an ice-phishing attack, 14 NFTs from the famous Bored Apes Yacht Club collection were taken. After an investor was tricked into signing a transaction request that appeared to be a contract for the use of these NFTs in a movie, the scam unfolded. The actor purchased the NFTs for next to nothing after the scammer had obtained permission, Cointelegraph reported.
“Many ice-phishing scams can also be found on social media, such as Tweet. Fake profiles pretend to represent legitimate projects and promote fake airdrops. “The best way to avoid being a victim to ice phishing scams is to visit trusted sites like Coinmarketcap.com and coingecko.com to verify official websites,” CertiK reported.
Is the Realme Pad X your budget ‘iPad? This is Orbital. We also discuss it on the Gadgets 360 podcast. Orbital can be found on Spotify, Gaana and JioSaavn.
Affiliate links can be generated automatically – please see our ethics declaration for more details.
Featured Video of the Day
Limit Screen Time for Your Child. Here’s how to limit screen time for your child.
