- Phishing attacks predate the Web3, and Web2 eras. Experts believe that the attack’s first accurate documentation occurred in the mid-90s
- In November 2021, a bZx protocol developer fell victim to a phishing attack in which the hacker acquired various private keys crucial to bZx protocols
- First, the assumption is a crucial factor that most phishing attacks hinge on. Simply assuming that the email received was legitimate without further scrutiny led to the hacker gaining access to the personal computer
Cryptocurrency, NFT, Blockchain and other Web elements have rapidly grown over the past decade. Considering cryptocurrency, everyone first thought it was a joke, a 1-minute show. Eventually, everything would go back to normal, although it did not.
Crypto has grown to a point where large organizations such as Google and Amazon plan to incorporate it into their payment system. These and other blockchain security articles have touched on the aspects that plague crypto safety. These factors tend to stem from two key points: blockchain is still relatively new. Hence it still contains various flaws and zero-day errors.
The other and more prominent one is human error which is a category that classifies those who merely lack the knowledge to those whose who deliberately undermine the power of crypto scams and hacks. Here is another look at a blockchain vulnerability that thrives on human error and merely lacks knowledge: Phishing attacks.
These articles serve the purpose of educating, so any attempt to try and implement any breach mechanism will be held liable for their actions.
What are Phishing attacks?
Phishing attacks predate the Web3, and Web2 eras experts believe that the attack’s first accurate documentation occurred in the mid-90s. A phishing attack is merely posing as a legitimate company, service or individual to acquire vital information such as login credentials or sensitive data.
In layman’s language, it mainly tries to defraud an unsuspecting victim of money. Over the years, the attack’s sophistication grew but later declined as Web2 developed countermeasures. With the creation of Web3, hackers found a new platform to conduct various nefarious activities, including phishing attacks.
As cryptocurrency grew, so did the need for more sophisticated blockchain security and crypto safety, but even with the current countermeasures curbing phishing attacks proved cumbersome mainly due to phishing attacks thriving on Human error.
By aiming directly at the client or user o gain access by tricking them into giving up their credentials. For those who are aware, these attacks occur more often than not, and with the new sunrise radiating from Web3, it has suffered greatly at the hands of crypt scams and hackers.
Use-Case of phishing attacks.
To grasp and ensure blockchain security, one must first learn from the insecurities of various systems and how they occur. Below are two showcasing a breach in crypto safety and organizations and users lost million.
BZX crypto hack
Crypto company bZx unceremoniously suffered greatly at the hands of a hacker who stole millions in various crypto coins.
In November 2021, a bZx protocol developer fell victim to a phishing attack in which the hacker acquired various private keys crucial to bZx protocols. Armed with these tools, the hacker could drain crypto coins worth $55 million. According to security experts, the attack was successful since, at the time, the only decentralized operational feature was Ethereum.
The hacker acquired the private keys by masquerading as a legitimate entity. The blockchain developer at the tie was unaware of this development and gave the hacker the desired private keys.
According to bZx, the email sent to its developers had a malicious macro in a Word document that, when disguised as a legitimate email attachment. This code ran a malicious script on the received devices, compromising his mnemonic wallet.
Google ad Crypto scam
Typically phishing attacks are attributed to emails or the entire website, but few think outside the box. With the sophistication of blockchain security, a group of hackers decided to conduct a phishing attack using Google Ads.
According to experts, the perpetrators purchased Google Ads placement for their fraudulent website that impersonated popular wallets such as PhantomApp and MetaMask. They also applied their methods to the URLs of these fake sites to capitalize on human error and negligence.
Once a victim clicked on the site, they would steal their passphrase. If the victim creates a new account, they place various mechanisms to ensure that the report will appear. Although any transactions that occur would go directly to the scammers. By the time anyone could notice what was going on, the scammers fled with over $500,000 worth of cryptocurrency. The crypto scammers collected this amount from the first two days only.
Why Phishing attacks are hard to deal with.
Two critical aspects from the above scenario; First, the assumption is a crucial factor that most phishing attacks hinge on. Simply assuming that the email received was legitimate without further scrutiny led to the hacker gaining access to the personal computer.
It is human nature to ignore mundane activities. The human mind tends to filter the processes it has done a thousand times, and crypto scams bank on such a defect. Some crypto hackers tend o avoid dealing with blockchain security parameters and hence go after individuals within the network.
Most of the time, individuals are not to blame since some genuinely need to figure out where to look or how to spot the difference. The second aspect mainly dives into human ignorance of crypto safety practices.
Any cyber or blockchain security analyst will always warn you of clicking on unusual sites. Crypto hackers tend to mimic websites, but in Web2, no two sites can have identical URLs. Hence hackers can merely spoof but not duplicate. Unfortunately, various individuals will need to learn the difference.
Also, Read about The recent crypto slump and the harsh lessons on custody and control.
Phishing attacks will continue since their primary target is human error. Thus as more ideas, inventions, and websites emerge, scammers will always appear to take advantage of their naivety. Blockchain security measures can only go so far without its users’ aid since any system’s strength depends on its weakest link.