
Microsoft offers defense against 'ice phishing' crypto scammers
2022-02-18 11:17

Microsoft has some advice on how to defend against "Ice phishing" and other novel attacks that aim to empty cryptocurrency wallets, for those not already abstaining.

Ice phishing, as Microsoft describes it, is a clickjacking, or user interface redress, attack that "[tricks] a user into signing a transaction that delegates approval of the user's tokens to the attacker."

The recent $120m attack on BadgerDAO, for example, relied on a malicious injected script to enable ice phishing, which involved prompting users of the BadgerDAO web app to authorize the attacker to conduct transactions for them.

"In an 'ice phishing' attack, the attacker merely needs to modify the spender address to the attacker's address," said Christian Seifert, a security researcher at Microsoft, in a blog post.

Microsoft at least has an idea about how to mitigate cryptocurrency-focused attacks.

Seifert also offers web3 users advice on protecting themselves from threats like the BadgerDAO attack.
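
The spender substitution described above can be checked before a transaction is signed. The following is an added example, not code from Microsoft or The Register: it decodes the calldata of an ERC-20 `approve` or ERC-721 `setApprovalForAll` call and warns when the spender is not on a user-maintained allowlist. The allowlist, the addresses and the helper names are constructed for illustration.

```python
APPROVE = "095ea7b3"               # selector of approve(address,uint256)
SET_APPROVAL_FOR_ALL = "a22cb465"  # selector of setApprovalForAll(address,bool)
MAX_UINT256 = 2**256 - 1

# Constructed allowlist: spender contracts the user really intends to authorise.
TRUSTED_SPENDERS = {"0x" + "11" * 20}


def build_call(selector, address, value):
    """Build constructed sample calldata: selector plus two 32-byte ABI words."""
    return "0x" + selector + address[2:].rjust(64, "0") + format(value, "064x")


def decode_approval(calldata):
    """Return (kind, spender, value) for an approval call, else None."""
    data = calldata.lower()
    if data.startswith("0x"):
        data = data[2:]
    if len(data) != 8 + 64 + 64:
        return None
    try:
        bytes.fromhex(data)          # reject anything that is not hex
    except ValueError:
        return None
    selector, word0, word1 = data[:8], data[8:72], data[72:]
    if selector not in (APPROVE, SET_APPROVAL_FOR_ALL):
        return None
    if word0[:24] != "0" * 24:       # an address fills only the low 20 bytes
        return None
    kind = "approve" if selector == APPROVE else "setApprovalForAll"
    return kind, "0x" + word0[24:], int(word1, 16)


def review(calldata, trusted=TRUSTED_SPENDERS):
    """Return the warnings a wallet should show before the user signs."""
    decoded = decode_approval(calldata)
    if decoded is None:
        return []                    # not an approval: nothing is delegated
    kind, spender, value = decoded
    warnings = []
    if spender not in trusted:
        warnings.append("spender %s is not on the allowlist" % spender)
    if kind == "approve" and value == MAX_UINT256:
        warnings.append("unlimited allowance requested")
    if kind == "setApprovalForAll" and value == 1:
        warnings.append("operator would control every token in the collection")
    return warnings
```

A transaction prompt that looks identical in the web app but carries a different spender word is exactly what this check surfaces.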


News URL

https://go.theregister.com/feed/www.theregister.com/2022/02/18/microsoft_ice_phishing/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 698 777 4532 4623 3617 13549