SlowMist found that across 303 recorded blockchain security incidents in 2022, nearly a third were made up of phishing attacks, rug pulls and scams.
Blockchain security company SlowMist has described five common phishing techniques that crypto scammers used on victims in 2022, including malicious browser bookmarks, phony sales orders and Trojan malware spread on the messaging app Discord.
According to the SlowMist report published on Jan. 9, the security company recorded a total of 303 blockchain security incidents during the year, of which 31.6% were caused by phishing, rug pulls or other scams.
Malicious browser bookmarks
One of the phishing strategies makes use of bookmark managers, a feature of most modern browsers.
Scammers have been exploiting these to gain access to the Discord accounts of project owners, SlowMist said.
"Through this phishing page, attackers insert JavaScript code into bookmarks and are likely to gain access to Discord user information and take over the account permissions of project owners," the company wrote.
After a phishing page guides the victim into adding the malicious bookmark, the scammer waits for the victim to click the bookmark while logged in to Discord, which triggers the embedded JavaScript code and sends the victim's personal information to the scammer's Discord channel.
In the process, the scammer can steal the victim's Discord token (an encrypted form of the Discord account password) and then access the account, allowing them to pose as the victim and post fake messages and links to further phishing scams.
"Zero dollar purchase" NFT phishing
According to SlowMist, of the 56 major NFT security incidents, 22 were caused by phishing attacks.
One of the more popular methods scammers use is to trick victims into signing over NFTs for practically nothing through a phony sales order.
Once the victim signs the order, the scammer can buy the victim's NFTs through the marketplace at a price the scammer specifies.
"Unfortunately, it is not possible to deauthorize a stolen signature through sites like Revoke," SlowMist wrote. "However, you can revoke all pending order authorizations you have previously set, which helps reduce the risk of phishing attacks and prevent attackers from using your signature."
Trojan horse currency theft
According to SlowMist, this type of attack generally takes place through private messages on Discord, in which attackers invite victims to participate in testing a new project and then send a program as a compressed file containing an executable of approximately 800 MB.
After the program is downloaded, it scans for files containing key phrases such as "wallet" and uploads them to the attacker's server.
"The latest version of RedLine Stealer also has the ability to steal digital currency," SlowMist said, "scanning for installed digital currency wallet information on the local computer and uploading it to the remote control machine."
In addition to stealing digital currency, RedLine Stealer can also upload and download files, run commands, and send back periodic information about the infected computer.
"Blank check" eth_sign phishing
This type of phishing attack allows scammers to use your private key to sign any transaction they choose. After you connect your wallet to a fraudulent website, a signature request box may pop up, containing a red warning from MetaMask.
After signing, attackers gain access to your signature, allowing them to construct any data and ask you to sign it through eth_sign.
"This type of phishing can be very confusing, especially when it comes to authorization," the company said.
Same ending number transfer scam
In this scam, the attacker airdrops small amounts of tokens, such as $0.010 or $0.001, to the victim from an address that looks similar except for the last few digits. The aim is to trick users into accidentally copying the wrong address from their transfer history.
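A wallet-side check for the look-alike airdrops described above, as an added example that is not from the SlowMist report. It flags incoming dust transfers whose sender shares leading or trailing characters with a trusted address; the addresses, the dust limit and the match threshold are constructed assumptions.

```javascript
// Added example: flag look-alike "poisoning" senders in a transfer history.
// All addresses, amounts and thresholds below are constructed for illustration.
const DUST_LIMIT = 0.01; // assumed: transfers at or below this count as dust
const MIN_SHARED = 4;    // assumed: matching hex chars (prefix or suffix) that count as look-alike

const norm = (a) => a.toLowerCase().replace(/^0x/, "");

// Number of identical characters from the start (or from the end when fromEnd is true).
function sharedRun(a, b, fromEnd) {
  let n = 0;
  const len = Math.min(a.length, b.length);
  while (n < len) {
    const i = fromEnd ? a.length - 1 - n : n;
    const j = fromEnd ? b.length - 1 - n : n;
    if (a[i] !== b[j]) break;
    n++;
  }
  return n;
}

// Returns one finding per incoming dust transfer whose sender imitates a trusted address.
function findPoisoning(trusted, history) {
  const findings = [];
  for (const tx of history) {
    if (tx.amount > DUST_LIMIT) continue; // only tiny airdrops are of interest
    const from = norm(tx.from);
    for (const t of trusted.map(norm)) {
      if (from === t) continue; // the genuine counterparty
      const prefix = sharedRun(from, t, false);
      const suffix = sharedRun(from, t, true);
      if (prefix >= MIN_SHARED || suffix >= MIN_SHARED) {
        findings.push({ from: tx.from, imitates: "0x" + t, prefix, suffix });
      }
    }
  }
  return findings;
}

// Constructed sample data (not real addresses).
const trusted = ["0x1a2b3c4d5e6f708192a3b4c5d6e7f8091a2b9f3e"];
const history = [
  { from: "0x1a2b3c4d5e6f708192a3b4c5d6e7f8091a2b9f3e", amount: 250 },   // genuine transfer
  { from: "0x77aa00112233445566778899aabbccddeeff9f3e", amount: 0.001 }, // same last 4 chars
  { from: "0x1a2b3c4d00000000000000000000000000001111", amount: 0.01 },  // same first 8 chars
  { from: "0x9999888877776666555544443333222211110000", amount: 0.001 }, // unrelated dust
];
console.log(findPoisoning(trusted, history));
```

Because wallet interfaces often show only the first and last characters of an address, the check compares both ends rather than the whole string.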
Other parts of the 2022 report cover other blockchain security incidents over the past year, including contract vulnerabilities and private key leaks.
There were about 92 exploits of contract vulnerabilities during the year, resulting in cumulative losses of nearly $1.1 billion due to flaws in smart contract design and hacked programs.
Private key theft, on the other hand, accounted for about 6.6% of attacks, resulting in losses of at least $762 million. The most prominent examples are the hacks of the Ronin bridge and Harmony's Horizon bridge.