'Ice phishing' attacks put secure Blockchain, Web3 at risk: Microsoft

The Microsoft 365 Defender Research Team has spotted attacks that resemble the traditional credential phishing seen on web2, though some are unique to web3

IANS | Updated: Thursday, February 17, 2022, 08:34 PM IST

New Delhi: As the adoption of blockchain and Web3 technologies rises, Microsoft has warned of new cyber threats, including 'ice phishing' campaigns, that can put the so-called secure, decentralised finance (DeFi) world at the mercy of hackers.

The Microsoft 365 Defender Research Team has spotted attacks that resemble the traditional credential phishing seen on web2, though some are unique to web3. "Imagine if an attacker can -- single-handedly -- grab a big chunk of the nearly 2.2 trillion US dollar cryptocurrency market capitalisation and do so with almost complete anonymity. This changes the dynamics of the game and is exactly what's happening in the web3 world multiple times a month," the team said in a statement late on Wednesday.

Web3 is the decentralised world built on the cryptographic security that underpins the blockchain (in contrast, web2 is the more centralised world). In web3, funds you hold in your non-custodial wallet are secured by a private key known only to you. "Smart contracts you interact with are immutable, often open-source, and audited. How do phishing attacks happen with such a secure foundation?" said Microsoft.

The 'ice phishing' technique doesn't involve stealing one's private keys. Rather, it entails tricking a user into signing a transaction that delegates approval of the user's tokens to the attacker. "This is a common type of transaction that enables interactions with DeFi smart contracts, as those are used to interact with the user's tokens," Microsoft said.

In an 'ice phishing' attack, the attacker merely needs to modify the spender address to the attacker's address. This can be quite effective as the user interface doesn't show all pertinent information that can indicate that the transaction has been tampered with.
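The spender that the wallet prompt leaves out can be read from the transaction data before signing. The following is an added example, not code from Microsoft or from this article; it assumes the token uses the standard ERC-20 `approve(address,uint256)` call, and the helper names and sample addresses are constructed for illustration.

```python
APPROVE_SELECTOR = "095ea7b3"   # first 4 bytes of keccak256("approve(address,uint256)")
MAX_UINT256 = 2**256 - 1        # the "unlimited" allowance value

def decode_approve(calldata_hex):
    """Return (spender, amount) if calldata is an ERC-20 approve() call, else None."""
    data = calldata_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    # selector (4 bytes) + two 32-byte ABI words = 136 hex characters
    if len(data) != 136 or not data.startswith(APPROVE_SELECTOR):
        return None
    try:
        words = bytes.fromhex(data[8:])
    except ValueError:
        return None
    if any(words[:12]):          # an address is left-padded with 12 zero bytes
        return None
    return "0x" + words[12:32].hex(), int.from_bytes(words[32:], "big")

def review_approval(calldata_hex, expected_spenders):
    """Describe what signing would grant and flag a spender outside the expected set."""
    decoded = decode_approve(calldata_hex)
    if decoded is None:
        return {"is_approve": False, "warnings": []}
    spender, amount = decoded
    warnings = []
    if spender not in {s.lower() for s in expected_spenders}:
        warnings.append("spender is not a contract this dApp is expected to use")
    if amount == MAX_UINT256:
        warnings.append("allowance is unlimited")
    return {"is_approve": True, "spender": spender, "amount": amount, "warnings": warnings}

def sample_calldata(spender, amount):
    """Build constructed approve() calldata for the demo below."""
    return "0x" + APPROVE_SELECTOR + spender[2:].rjust(64, "0") + format(amount, "064x")

# Constructed sample addresses, not real contracts or wallets.
KNOWN_ROUTER = "0x" + "11" * 20
UNKNOWN_SPENDER = "0x" + "ee" * 20

if __name__ == "__main__":
    for spender in (KNOWN_ROUTER, UNKNOWN_SPENDER):
        print(review_approval(sample_calldata(spender, MAX_UINT256), [KNOWN_ROUTER]))
```

The expected-spender list would come from the project's own documentation, which is the kind of explicit verification Microsoft recommends to end users.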

Once the approval transaction has been signed, submitted, and mined, the spender can access the funds. In the case of an 'ice phishing' attack, the attacker can accumulate approvals over a period of time and then drain all the victim's wallets quickly.

This is exactly what happened with the Badger DAO attack that enabled the attacker to drain approximately $121 million in November-December 2021. "The Badger DAO attack highlights the need to build security into web3 while it is in its early stages of evolution and adoption," said Microsoft. "At a high level, we recommend that software developers increase security usability of web3. In the meantime, end users need to explicitly verify information through additional resources, such as reviewing the project's documentation and external reputation/informational websites," the tech giant added.

The 'ice phishing' attack in late 2021 is just one example of the threats affecting blockchain technology. "Since then, many more hacks have occurred that impacted blockchain projects and users," said Microsoft.
