Phishing Attacks: How to Safeguard Your Crypto and NFTs Against Them.
2022 is a big year for hackers and scammers targeting the crypto community and various DeFi projects. It is estimated that $2 billion has been stolen in DeFi hacks in the first half of 2022. If the current pace of theft in the crypto-verse through hacks continues, the total stolen by the end of the year could eclipse 2021’s record of $3.2 billion.
The ways and means by which hackers target crypto projects and the community were previously highlighted by the team at OMNIA. However, targeted phishing attacks have risen in the last few weeks and have become the most popular method among hackers.
So What is Phishing?
Phishing is a form of social engineering where a would-be attacker tries to take advantage of another individual or company by sending fake messages to trick them into revealing sensitive information that can potentially benefit the attacker.
Phishing Attacks Have Evolved to Include Malicious Files that Automatically Retrieve Sensitive Information from Computers.
Typically, phishing attacks are carried out by persuading victims to reveal their personal information voluntarily.
This is often achieved through enticing emails or advertisements promising quick gains from free crypto or NFTs, leading the victim into revealing the private keys to their wallets in the hope of reaping financial benefits without having to work too hard for them.
However, the game has evolved, and the social engineering has metamorphosed into a more sophisticated method of manipulating a victim into downloading a malicious file that goes on to gather personal information without further input from the targeted individual.
This method was best demonstrated by @samczsun of the Web3 Investment firm known as Paradigm, who was the target of a very sophisticated attack that started as an urgent private message on Twitter.
The urgent message notified @samczsun that he was being sued and provided a link for him to read a copy of the lawsuit. But @samczsun soon realized that the link automatically downloaded a file to his computer.
Luckily, his awareness of how phishing attacks happen made him cautious of the file, which he did not open. He decided to investigate its contents further and soon found out that it had two files in its archive with two file extensions: URL and PDF.
If he had opened these files, they would have granted the attackers complete access to his crypto wallet and the digital assets stored within.
Axie Infinity Hack Was the Result of a Similar Phishing Attack.
Additionally, the team at The Block revealed that March’s record-breaking $610 million Axie Infinity hack by the state-sponsored North Korean hacker group Lazarus used a similar targeted phishing attack.
In this case, a senior engineer at Axie Infinity’s parent company, Sky Mavis, was tricked into applying for a job at a fake company. The attackers also enticed other Sky Mavis employees into pursuing job offers at the fake company.
The senior engineer allegedly went through various interviews and was eventually offered a job with an ‘extremely generous compensation package.’ The fake job offer was then delivered as a PDF document that turned out to be a malicious file, similar to the one identified by @samczsun above.
Upon downloading the file, the Sky Mavis senior engineer unknowingly let spyware into his computer and the entire Ronin network systems.
Consequently, the hackers took over four of the nine Ronin Network validators. Although five validators were needed to carry out a withdrawal event on the Ronin Network bridge, the targeted phishing made the attack easier and faster for the Lazarus hacker group.
Ways of Protecting Yourself From Targeted Phishing Attacks.
The two examples above prove that anyone can become a victim of a targeted phishing attack. The social engineering and trickery by hackers have evolved into a sophisticated and patient process of coercing a potential victim into downloading a malicious file that automatically retrieves sensitive information used to carry out the attack.
However, crypto users and projects can still take the following measures to prevent phishing attacks from being successful.
- Being informed on new ways phishing attacks are being carried out.
- Keeping in mind past patterns of known phishing attacks and using them to determine potential threats on the internet.
- Always doubting links and files sent through email, SMS, and private messages on social media.
- Double-checking website addresses, email addresses, and usernames on social media to figure out if they are from legitimate sources or if attackers have modified them to potentially fool you into becoming a victim of a phishing attack.
- Installing firewalls and pop-up blockers that could potentially reduce phishing attacks.
- Being cautious when doing Google searches, as creators of malicious websites design them so that they appear at the top of search engine results.
- Not letting yourself get carried away by exclusive offers such as NFT mints, free airdrops, and whitelists for new crypto projects.
- Learning how to investigate if a file is malicious by running it within a controlled virtual environment (a sandbox) such as Docker, as demonstrated by @samczsun on Twitter.
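
A static first look at a downloaded archive like the one described above (two members, a URL file and a PDF), as an added example that is not from the original article or from @samczsun's own investigation: it lists the members in memory and reads where a .url shortcut points, without opening anything. The extension lists, function names and sample archive are assumptions constructed for illustration.

```python
from __future__ import annotations
import configparser
import io
import zipfile
from pathlib import PurePosixPath

# Assumed, non-exhaustive lists: types that run or redirect on double-click, and decoys.
RISKY = {".url", ".lnk", ".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".hta"}
DECOY = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".png"}

def flags_for_name(filename: str) -> list[str]:
    """Flag a member name by its extension(s) only; content is not inspected here."""
    suffixes = [s.lower() for s in PurePosixPath(filename).suffixes]
    flags = []
    if suffixes and suffixes[-1] in RISKY:
        flags.append("risky-extension")
        if len(suffixes) >= 2 and suffixes[-2] in DECOY:
            flags.append("double-extension")
    return flags

def shortcut_target(data: bytes) -> str | None:
    """Return the URL= value of an Internet Shortcut (.url), which is INI-formatted text."""
    parser = configparser.RawConfigParser(strict=False)
    try:
        parser.read_string(data.decode("utf-8", errors="replace"))
        return parser.get("InternetShortcut", "URL")
    except configparser.Error:
        return None

def triage_archive(blob: bytes) -> list[dict]:
    """Describe each archive member in memory; nothing is written to disk or opened."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename
            target = shortcut_target(zf.read(info)) if name.lower().endswith(".url") else None
            findings.append({"name": name, "flags": flags_for_name(name), "target": target})
    return findings

def build_sample() -> bytes:
    """Constructed sample: a PDF stub and a shortcut to a placeholder host."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("document.pdf", b"%PDF-1.4\n% constructed stub\n")
        zf.writestr("document.url", "[InternetShortcut]\nURL=https://files.example.invalid/viewer\n")
    return buf.getvalue()
```

Calling `triage_archive(build_sample())` returns one record per member. A clean result here only means the file names and shortcut target look ordinary, so anything still in doubt belongs in the sandbox mentioned in the last point.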