Microsoft has warned of emerging threats in the Web3 landscape, including “ice phishing” campaigns, as a surge in adoption of blockchain and DeFi technologies emphasizes the need to build security into the decentralized web while it’s still in its early stages.
The company’s Microsoft 365 Defender Research Team called out various new avenues through which malicious actors may attempt to trick cryptocurrency users into giving up their private cryptographic keys and carry out unauthorized fund transfers.
“One aspect that the immutable and public blockchain enables is complete transparency, so an attack can be observed and studied after it occurred,” Christian Seifert, principal research manager at Microsoft’s Security and Compliance group, said. “It also allows assessment of the financial impact of attacks, which is challenging in traditional web2 phishing attacks.”
The theft of the keys could be carried out in several ways, including impersonating wallet software, deploying malware on victims’ devices, typosquatting legitimate smart contract front ends, and minting rogue digital tokens for Airdrop scams.
images from Hacker News