Ice phishing attacks endanger Blockchain, Web3: Microsoft

New Delhi: As the adoption of blockchain and Web3 technologies grows, Microsoft has warned of new cyber threats, including “ice phishing” campaigns, that hackers could launch in the so-called secure world of decentralized finance.

The Microsoft 365 Defender Research Team has discovered attacks similar to the traditional credential phishing observed on web2, along with some that are specific to web3.

“Imagine an attacker getting most of the cryptocurrency market capitalization of about US $2.2 trillion with one hand and with almost complete anonymity. This changes the dynamics of the game, exactly the number of months. That’s what’s happening in the world of web3 times,” the team said in a statement late Wednesday.

Web3 is a decentralized world built on top of the cryptographic security that underlies blockchain (in contrast, web2 is a more centralized world).

In web3, the funds held in a non-custodial wallet are protected by a private key that only you know.

“The smart contracts we interact with are immutable, often open source, and audited. How do phishing attacks occur on such a secure foundation?” Microsoft said.

The “ice phishing” technique does not involve stealing the user’s private key. Rather, the attacker tricks the user into signing a transaction that delegates approval of the user’s tokens to the attacker.

“This is a common type of transaction that allows us to interact with DeFi smart contracts because they are used to interact with users’ tokens,” Microsoft said.

In an “ice phishing” attack, the attacker simply needs to change the spender address in the approval to the attacker’s own address.

This is very effective because the user interface does not show all relevant information that could indicate that the transaction has been tampered with.

Once the approval transaction is signed, submitted and mined, the spender has access to the funds. In the case of an “ice phishing” attack, the attacker can accumulate approvals over a period of time and then quickly drain all the victims’ wallets.
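
An added example, not from Microsoft or the original article: a pre-signing check that decodes a token approval so the address being granted approval (the spender) and the amount are visible even when the interface hides them. It assumes the ERC-20 `approve(address,uint256)` call encoding; the addresses, the sample calldata and the `expected_spenders` allowlist are constructed for illustration.

```python
# Added example: all addresses and calldata here are constructed samples.
APPROVE_SELECTOR = "095ea7b3"  # 4-byte selector of ERC-20 approve(address,uint256)
MAX_UINT256 = 2**256 - 1       # the "unlimited" allowance value

def decode_approve(calldata_hex):
    """Return (spender, amount) for an approve() call, or None for anything else."""
    data = calldata_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    # selector (8 hex chars) + two 32-byte ABI words (64 hex chars each)
    if len(data) < 136 or not data.startswith(APPROVE_SELECTOR):
        return None
    try:
        args = bytes.fromhex(data[8:136])
    except ValueError:
        return None
    spender = "0x" + args[12:32].hex()           # address is the low 20 bytes of word 1
    amount = int.from_bytes(args[32:64], "big")  # uint256 allowance is word 2
    return spender, amount

def review_approval(calldata_hex, expected_spenders):
    """Surface what the signing prompt may hide and list reasons to stop."""
    decoded = decode_approve(calldata_hex)
    if decoded is None:
        return {"is_approval": False, "warnings": []}
    spender, amount = decoded
    warnings = []
    if spender not in {s.lower() for s in expected_spenders}:
        warnings.append("spender is not an address the project documents")
    if amount == MAX_UINT256:
        warnings.append("unlimited allowance requested")
    return {"is_approval": True, "spender": spender, "amount": amount, "warnings": warnings}

def sample_calldata(spender, amount):
    """Build constructed approve() calldata for the demo below."""
    return "0x" + APPROVE_SELECTOR + spender[2:].lower().rjust(64, "0") + format(amount, "064x")

PROJECT_CONTRACT = "0x" + "11" * 20   # constructed: address the project documents
UNKNOWN_SPENDER = "0x" + "ee" * 20    # constructed: address swapped into the request

if __name__ == "__main__":
    for spender, amount in [(PROJECT_CONTRACT, 1000), (UNKNOWN_SPENDER, MAX_UINT256)]:
        print(review_approval(sample_calldata(spender, amount), [PROJECT_CONTRACT]))
```

The allowlist would come from the project documentation and external reputation sources that the article advises users to consult.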

This is exactly what happened in the Badger DAO attack, which allowed attackers to drain about $121 million between November and December 2021.

“The Badger DAO attack highlights the need to incorporate security into Web3 as it is in the early stages of evolution and adoption,” Microsoft said.

“Roughly speaking, software developers are encouraged to improve the security usability of web3. In the meantime, end users will be able to see additional project documentation and external reputation/information websites. Information needs to be explicitly confirmed through resources,” added the technology giant.

The “ice phishing” attack in late 2021 is just one example of a threat affecting blockchain technology.

“Since then, there have been more hacks affecting blockchain projects and users,” Microsoft said.

https://www.siasat.com/ice-phishing-attacks-put-blockchain-web3-at-risk-microsoft-2277677/