Sam Bankman-Fried, founder of FTX, announced on Twitter that users whose cryptocurrency was stolen through recent phishing attacks will be awarded $6 million in compensation. Sam also made it clear that the compensation will only apply to FTX accounts and will be a “one off” settlement not intended to be repeated in a future similar incident.
2022, the year of the hacks
FTX users have recently been targeted by attackers. Hackers gained access to users’ cryptocurrency by gaining access to users’ 3Commas API keys and conducting unauthorized trades. Sam Bankman-Fried took to Twitter to announce the compensation plan. Sam also suggested a “5-5 standard” agreement in his tweet, in which he suggested that the cryptocurrency hackers could keep either $5 million or 5% of all the stolen assets. The CEO of FTX asked the hackers to return approximately $5.7 million, or about 95% of the total stolen assets, to a listed wallet address within twenty-four hours; The CEO promised to acquit the hackers if they complied.
3 commas in a published statement has denied that the breach stemmed from a leak of API keys on any of its systems. “Neither 3Commas’ account security and API encryption systems nor our partner exchanges’ account security and API encryption systems have been breached“, says the report. 3Commas has indicated that the breach is most likely related to a phishing scam that the users fell victim to.
Hacks have been rampant in the cryptocurrency space over the past year, and hackers have become increasingly sophisticated in the methods and techniques they use to carry out malicious attacks. There have been incidents of cryptocurrency exchange hacks, DeFi protocols, cross-chain bridges, and liquidity pool draining, among others. In some cases, flaws in smart contract codes have been exploited, giving attackers access to millions of dollars worth of cryptocurrencies. In 2022 alone, notable hacking incidents include Axie Infinity’s Ronin Bridge hack, in which the hacker stole over $600 million worth of Ethereum and USDC, the Wormhole Bridge attack, which resulted in a loss in February of $320 million, and the recent attacks on the Binance Bridge as well as the Mango protocol, resulting in losses of over $600 million and $100 respectively. Some of these hacks directly target the users who unknowingly provide their passwords, private keys, seed phrases and other vital credentials to hackers.
What is phishing and how to recognize and avoid a phishing attack?
Phishing was rampant in Web2 and spread from Web2 to Web3. Phishing is a form of social engineering attack in which an attacker, pretending to be a legitimate source, tricks a user into revealing important personal information. Attackers send official-looking emails and create cloned login pages and websites to trick unsuspecting users into performing an action, such as downloading software via a link or entering credentials on a cloned, fake website. These fake websites often have a domain name that looks similar to the original websites. Phishers use these methods and techniques to gain the trust of their victims and trick them into lowering their guard.
Phishers sometimes use social networks to collect their victim’s basic personal information. With this personal information, a phisher could then plan how to orchestrate a phishing attack on the victim.
Types of Phishing Attacks
Phishing attacks have become varied and sophisticated over the years, with each attack type having a specific name. Here are some of the most common types of phishing attacks.
- Email Phishing: This is the most common type of phishing. The tone of phishing emails most often involves a threat or a sense of urgency to trick a user into quickly following the instructions in the email without double-checking the email source. Phishing emails mainly contain links to a fake login page or links to a malware website.
- Spearfishing: This is also a phishing attack that is carried out by sending phishing emails, but with spear phishing the attacker already has advance information such as the name, job title or function of the victim.
- Angler Phishing: An angler phishing attack occurs when an attacker uses fake social media accounts to impersonate the account of a well-known person or organization. This is common on crypto twitter; “verifiedFake accounts post links to fake airdrops, giveaways, and “crypto duplication” schemes. Phishers have also been active on social media with fake customer support profiles: they quickly reach customers who publicly ask for help or customer support, and trick the victim into divulging sensitive information.
- Whaling: This is a phishing attack that targets an organization’s senior management. In this type of attack, attackers electronically send highly personalized and well-structured offers or proposals to an organization’s senior management: the documents would contain malicious links. If a member of the organization’s top management is victimized, the organization’s confidential data could be compromised.
Web3-specific phishing attacks
As the latest generation of the Internet, Web3 has not been spared from phishing attacks. Phishers have infiltrated Web3 communities including Telegram and Discord groups of crypto projects and “Crypto Twitter”. Fraudulent airdrops are common. A typical Web3 phishing attack begins with the attacker posting a fraudulent airdrop or other promotion and “shilling”. These phishers operate like an organized crime syndicate; They use different accounts to like, share and comment on the deceptive airdrop post to give credibility to the airdrop and lure victims to the phishing website. When a victim visits the website, which is usually a clone of a legitimate project, the phishing website asks the user to enter their private key or seed phrase. The phisher receives the credentials and the victim’s wallet is emptied.
Another common phishing attack in Web3 and the cryptocurrency space adds a malware link to an email or direct message (DM). The unsuspecting user clicks on the link and the malware is “silently” installed on the user’s device. The malware constantly monitors the device’s clipboard; When a user tries to send crypto and copy and paste the recipient’s wallet address, the malware changes the wallet address to an attacker-controlled wallet address, and the sent cryptocurrency is then unknowingly sent to the attacker’s wallet.
How to recognize and avoid phishing
Phishing emails always contain some form of urgency. For example, an email instructing a user to update their crypto wallet would otherwise be denied access to the wallet until midnight. This is a classic example of the victim being rushed through the process before realizing it’s a phishing attack.
Grammar errors are very common in most phishing messages. The tone of an email or direct message — for example, being overly friendly in what appears to be a formal conversation — could also be a telltale sign of phishing.
Mismatches in web URLs are one of the main characteristics of phishing websites. URLs are often hyphenated on phishing websites that impersonate a legitimate website. For example, the domain name “metamask.io” would become “meta-mask.io”. In some cases, the letters “i” and “l” are replaced by the number “1”. An example would be “binance.com” changed to “b1nance.com”. These subtle changes in the names of the URLs might go unnoticed by a victim.
There are simple measures to avoid becoming a victim of a phishing attack. These include: double-checking the URLs of visited websites before engaging in any activity on the website, listening for subtle cues like the tone of communication when receiving an email or DM from unknown sources, and never revealing information like passwords, private keys, etc Seed phrases to anyone — not even the supposed platform’s account managers — and installing necessary security tools like two-factor authentication (2FA) on all supported apps and wallets.
Learn Crypto Trading, Yield Farms, Income strategies and more at CrytoAnswers
https://nov.link/cryptoanswers
Comments are closed.