The Rise of Ice Phishing and Other Common Crypto Scams by Zac Amos


Enthusiasts often tout cryptocurrency as a more secure alternative to other digital payment methods. While the blockchain does have many cybersecurity advantages, it isn’t immune to hacking and scams. The emergence of new threats like ice phishing highlights these vulnerabilities.

These threats don’t necessarily mean blockchain technology is unsafe, but they do warrant attention if users want to stay safe. Crypto can be just as, if not more, secure than traditional payments if users know what to watch for and how to respond.

What Is Ice Phishing?

Microsoft recently published a report detailing security threats to Web3 technologies, including ice phishing. In an ice phishing attack, criminals try to trick victims into approving the attacker's access to their tokens. They do this by using smart contracts to hide their intentions.

Smart contracts are blockchain programs that automatically execute after meeting predefined conditions. The example Microsoft gives is a token swap, where two parties exchange different crypto tokens, like exchanging currencies but without an intermediary. 

Cybercriminals can infiltrate a crypto platform and inject malicious code into these smart contracts, like swapping the exchange’s wallet address for their own. When a user signs the contract, agreeing to the swap, the criminal gains approval to access their funds, which they can take without giving anything in return.

The BadgerDAO Attack

One of the most infamous examples of ice phishing happened on the BadgerDAO platform. Badger is a protocol that helps use bitcoin in decentralized finance (DeFi) operations on other blockchains. An ice phishing attack in late 2021 stole more than $100 million from Badger users.

Attackers injected a script into the smart contract platform that requested approvals granting the attackers’ wallets access to users’ accounts. People signed these smart contracts thinking they were using the Badger platform as usual, unintentionally giving attackers permission to move funds on their behalf.

The attackers only targeted accounts with larger balances and modified the script periodically. As a result, it was difficult to notice until they started to drain users’ accounts.

The Recent Ice Phishing Rise

The BadgerDAO attack highlights the growing threat of ice phishing. These hacks have already caused millions of dollars in damage, yet they were relatively unheard of until recently. This rapid rise results from several other trends.

Cybercrime has increased in prominence as more people have adopted digital services amid the pandemic. The FBI’s Cyber Division now receives between 3,000 and 4,000 complaints a day, three to four times as many as pre-pandemic levels. Cybercrime has become remarkably profitable, drawing in more attackers using various methods, like ice phishing.

Crypto’s recent surge in popularity also plays a role in this trend. Cryptocurrency adoption rose by 880% between 2020 and 2021, making these scams far more profitable. More cybercriminals have started targeting crypto as a result but have to adopt methods like ice phishing to account for its built-in security features.

Other Common Crypto Scams

Ice phishing is concerning, but it’s not the only crypto scam in use today. Cryptocurrency theft increased 516% between 2020 and 2021, and scammers took a record $14 billion in assets. This trend is far larger than just ice phishing.

Here are three other common types of crypto scams to watch out for:

  1. Investment Schemes: Often using Ponzi or pump-and-dump schemes, criminals will trick investors into funding a fraudulent project. Ponzi schemes involve promising a fake investment opportunity, then using the funds to pay earlier investors and put money into the scammers’ pockets. Pump-and-dump crypto scammers inflate the value of a cryptocurrency, then sell all their assets, earning a huge profit before the crypto’s value plummets.
  2. Celebrity Impersonation Scams: Attackers pose as a trusted authority or celebrity, sometimes even hacking into their genuine accounts. They promise giveaways or investment opportunities, convincing followers to send them money via cryptocurrency.
  3. Fake Apps: Scammers will mimic a real crypto app, copying its logo, name and other information to get users to download it. However, once users enter their data, the app may install malware, access their crypto wallets or steal their info.

How to Avoid Ice Phishing and Other Scams

Ice phishing and crypto scams make cryptocurrency seem like a significant safety risk. Despite these threats, users can stay perfectly safe while using crypto. Following these steps can help prevent ice phishing and other scams.

1. Verify Everything, Trust Nothing

The most important step in crypto security is good advice for cybersecurity in any situation: Trust nothing and verify everything. Never take anything at face value, even if it seems safe or like it’s coming from a trusted source. As these scams highlight, it’s easy to look genuine.

Crypto users should verify the validity of any smart contract, app, investment opportunity or message before going through with it. Look at the wallet address in a smart contract to ensure it leads where it says it does.
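
One way to carry out this check, as an added example that is not part of the original article: the Python below decodes the approval a wallet is being asked to sign and compares the spender with addresses the user has already verified. It assumes an ERC-20 style token; the function names, the trusted-address list and the sample calldata are constructed for illustration.

```python
# Added example. Assumes ERC-20 style approval calldata; all addresses and
# calldata below are constructed placeholders, not real accounts.
APPROVAL_SELECTORS = {
    "095ea7b3": "approve(address,uint256)",            # ERC-20 standard
    "39509351": "increaseAllowance(address,uint256)",  # common OpenZeppelin extension
}
MAX_UINT256 = 2**256 - 1

def decode_approval(calldata_hex):
    """Return (function, spender, amount), or None if this is not an approval call."""
    data = calldata_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    selector, args = data[:8], data[8:]
    if selector not in APPROVAL_SELECTORS:
        return None
    # Two 32-byte ABI words follow the selector: spender, then amount.
    if len(args) != 128 or args[:24] != "0" * 24:
        raise ValueError("malformed approval calldata")
    try:
        bytes.fromhex(args)
    except ValueError:
        raise ValueError("malformed approval calldata")
    spender = "0x" + args[24:64]  # address = low 20 bytes of the first word
    return APPROVAL_SELECTORS[selector], spender, int(args[64:], 16)

def review_request(calldata_hex, trusted_spenders):
    """Return warnings to show before signing; an empty list means nothing flagged."""
    decoded = decode_approval(calldata_hex)
    if decoded is None:
        return []
    function, spender, amount = decoded
    trusted = {address.lower() for address in trusted_spenders}
    warnings = []
    if spender not in trusted:
        warnings.append(f"{function} grants spending rights to unrecognized address {spender}")
    if amount == MAX_UINT256:
        warnings.append("approval amount is unlimited")
    return warnings

# Constructed sample data.
TRUSTED = ["0x" + "11" * 20]  # address the user has verified for the platform
EXPECTED_REQUEST = "0x095ea7b3" + "00" * 12 + "11" * 20 + format(1000, "064x")
SWAPPED_REQUEST = "0x39509351" + "00" * 12 + "ab" * 20 + "ff" * 32

if __name__ == "__main__":
    for name, request in [("expected", EXPECTED_REQUEST), ("swapped", SWAPPED_REQUEST)]:
        print(name, review_request(request, TRUSTED) or "no warnings")
```

An empty result only means the spender matched the trusted list and the amount was bounded; the trusted list itself has to come from a source other than the page presenting the request.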

Messages and apps are often easier to verify. Check for spelling errors, low-resolution images or unusual links. Anything that looks off may be cause for concern. Users can also check an app’s history to see how old it is, comparing it to the actual company to see if the timeline is correct.

Remember, something is likely a scam if it sounds too good to be true. Generous giveaways and investment opportunities with lofty promises should raise alarms.

2. Secure Crypto Wallets

Users must also ensure their crypto wallets are secure. Using multiple wallets is a good idea, so if one falls victim to an attack, users won’t lose all their coins. It’s best to have one cold wallet at an offline storage location to keep crypto safe from online scams.

Private keys should remain private. Never post them anywhere or give them to someone else, as this could give someone full access to a wallet. One of the best ways to protect these keys is to keep them in a cold wallet.

3. Report Scams

Crypto users should stay vigilant about scams and report any suspicious activity. Users who see an app that appears to mimic a legitimate company can notify the app store. Similarly, if they think they have found an investment scam, ice phishing attempt or other scheme, they can report it to a relevant authority.

Reporting scams will help security experts and law enforcement stop scammers before they harm too many people. Bringing attention to more fraud types will also help raise awareness about emerging crypto scam trends. More users can stay safe if they learn about the threats they face.

Keep Your Crypto Safe

Ice phishing and other crypto scams will likely become more common as cryptocurrency’s value and popularity keep climbing. Users should know how these schemes work so they can take the necessary steps to protect themselves.

These fraud examples aren’t the only ways scammers take advantage of crypto, but they highlight cybercriminals' various techniques. These threats are common, but users can avoid them with the right knowledge and practices.




Zac Amos is a tech writer who focuses on cybersecurity. You can find more of his work at ReHack, where he is the Features Editor.



March 28, 2022

