One of the leading blockchain security companies addresses the needs of Web3 users and hints on how to avoid a hacking attack. We recommend reading these tips!
Ice Phishing a new threat
CertiK was founded in 2018. The fathers of the company are Columbia and Yale professors. The company’s mission is to use the best possible technology, backed by artificial intelligence, to secure and monitor blockchain, smart contracts and Web3.
The latter area has become particularly important for the company recently. This is because it turns out that Ice Phishing has become popular in the Web3 space. This form of attack was first identified by Microsoft, earlier this year.
The specifics of Ice Pishing are based on an attempt to convince the victim, to sign authorizations that lead to the release of tokens held by the victim. One of the most recent attacks of this kind was registered on December 17. At the time, 14 Bored Apes were stolen. Eventually, these NFTs ended up on the market and were liquidated for relatively small amounts. As CertiK representatives argue, this attack is quite simple:
“All the hacker has to do is make the user believe that the malicious address he is giving permission to is legitimate. Once the user approves the fraudster’s permission to issue tokens, then the assets are at risk of being drained.”
Take advantage of Etherscan
CertiK representatives suggested using token approval tools, as well as the blockchain explorer Etherscan. The latter can help revoke permissions for addresses that users don’t recognize.
The explorer can also be used to verify users for suspicious activity. This kind of activity is, for example, a given address’s historical use of mixers such as Tornado Cash. It is also important to interact with sites that are official. Such entities are easy to verify. In turn, it is recommended to use social media with caution. An example of this is Twitter, for example, where it is possible to come across fake cats of some networks.
Take some time to take care of your security
The company also advised to use information aggregators such as CoinMarketCap, or CoinGecko. It is there that you can verify individual URLs, in the context of linking to legitimate sites.
About the need to counter Ice Pishing, Microsoft already reported on February 16. It pointed out that it is essential that Web3 projects and wallet providers take care to enhance security at the software level. CertiK seems to understand this problem very well and aims to support building the right solutions.
