5 Crypto Phishing Scams to Watch out for
Even though phishing scams can seem obvious, something we’re confident we can avoid, the truth is this type of scam generates millions of dollars of profit for scammers every year. Staying up to date on crypto cybersecurity should be a priority for anyone who stores and invests in digital assets.
Did you know phishing and rug-pull scams make up 31.6% of all blockchain-related security incidents?
SlowMist, a leading blockchain auditing firm, recently released its 2022 report, which shows that of the 303 blockchain-related security incidents of 2022, nearly a third were related to phishing activity.
Crypto offers exciting security options for users, allowing individuals to take control of their savings in new and empowering ways without relying on a third party for security measures. This is a big advantage overall, but it also introduces new points of vulnerability that every crypto user should be aware of. Of the 303 blockchain-related security incidents of 2022, phishing and rug-pulls were the largest security risk, followed closely by contract vulnerability.
Let’s look at the most common scams and security risks to understand where you might be at risk.
Browser Bookmarks
This scam inserts JavaScript into a bookmark, which is delivered to the user through a phishing page. If the user is logged into Discord at the time, using the saved bookmark triggers the implanted code, which sends important Discord login information to the scammer.
With this information, scammers can steal Discord tokens and log in to the victims' accounts, which are then used for further phishing and spam attempts. If you’re going to bookmark a link from an unknown crypto project, be sure to watch out for malicious browser bookmarks!
Trojan Horse
RedLine Stealer is a well-known trojan horse currency theft scam. In this scam, which usually occurs via Discord message services, scammers pretend to be a new upcoming project that requires testing. They then send the victim a compressed file of about 800 MB.
Once opened, the program looks for files that contain the term “wallet” and sends this information back to the scammer. It can also steal crypto by scanning for installed crypto wallet information stored on the local hard drive.
‘Zero dollar purchase’ NFT Phishing
One of the most popular NFT scams out there, this scam involves creating false sales orders. Once the seller falls for the fake order and signs it, the scammer can use their signature to purchase the NFT through a marketplace at their own price.
SlowMist auditors report that in 2022, there were 56 NFT-related security breaches, with 22 resulting from phishing attacks.
Number Transfer Scam
In the same-number transfer scam, the scammer creates a list of airdrop recipient addresses, which they send to their victims. The recipients all share similar wallet addresses, with the goal of confusing the victim into copying the wrong address from their transfer history.
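A pre-send check for the lookalike addresses described above, as an added example that is not part of the original article. It compares a destination against addresses the user has deliberately saved and flags one that matches at the start or end, the characters that survive in a shortened address display, but differs in between. The function names, the 4-character threshold and all addresses are assumptions constructed for illustration.

```javascript
// Added example: flag a destination address that imitates a saved one.
// All addresses below are constructed sample values, not real accounts.
const HEX_ADDR = /^0x[0-9a-fA-F]{40}$/;

// Count identical leading and trailing hex characters of two addresses.
function sharedEnds(a, b) {
  const x = a.slice(2).toLowerCase();
  const y = b.slice(2).toLowerCase();
  let prefix = 0;
  while (prefix < 40 && x[prefix] === y[prefix]) prefix++;
  let suffix = 0;
  while (suffix < 40 - prefix && x[39 - suffix] === y[39 - suffix]) suffix++;
  return { prefix, suffix };
}

// Classify `dest` against the user's saved (trusted) addresses.
// minMatch is an assumed threshold: how many matching characters at
// either end are treated as deliberate imitation.
function checkDestination(dest, trusted, minMatch = 4) {
  if (!HEX_ADDR.test(dest)) return { verdict: "invalid" };
  const d = dest.toLowerCase();
  // Exact match, ignoring the mixed-case checksum form.
  if (trusted.some((t) => t.toLowerCase() === d)) return { verdict: "trusted" };
  for (const t of trusted) {
    const { prefix, suffix } = sharedEnds(dest, t);
    if (prefix >= minMatch || suffix >= minMatch) {
      return { verdict: "lookalike", imitates: t, prefix, suffix };
    }
  }
  return { verdict: "unknown" };
}

// Constructed address book and a constructed entry copied from history.
const TRUSTED = ["0x52a8c3f1d09b4e7a6c15f8d2e3b4a7960c1d7e42"];
const FROM_HISTORY = "0x52a811f09c3d7b2e6a45d8c1f03e9a6b5c2f7e42";

const result = checkDestination(FROM_HISTORY, TRUSTED);
if (result.verdict === "lookalike") {
  console.log(
    `Do not send: matches ${result.imitates} on the first ${result.prefix} ` +
      `and last ${result.suffix} characters but is a different address.`
  );
}
```

A "lookalike" verdict should block the transfer until the full address has been compared character by character against the saved one.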
‘Blank Check’ Eth_sign Phishing
This phishing attack involves scammers attaining your private key after you connect your wallet to a phishing site. Users who unsuspectingly connect their wallets allow scammers to construct any data and ask them to sign it through eth_sign.
Conclusion
Even though phishing scams can seem obvious, something we’re confident we can avoid, the truth is this type of scam generates millions of dollars of profit for scammers every year. Staying up to date on crypto cybersecurity should be a priority for anyone who stores and invests in digital assets.
Outside of phishing, contract vulnerabilities were the biggest issue, with nearly 1.1 billion in losses from hacked programs that exploited flaws in smart contract design. Proportionately, private key theft remained a concerning security issue, with nearly $762 million in losses, even though private key theft accounted for just 6.6% of attacks.