Microsoft offers defense against 'ice phishing' crypto scammers

2022-02-18 11:17

Microsoft has some advice on how to defend against "Ice phishing" and other novel attacks that aim to empty cryptocurrency wallets, for those not already abstaining.

Ice phishing, as Microsoft describes it, is a clickjacking, or a user interface redress attack, that "[tricks] a user into signing a transaction that delegates approval of the user's tokens to the attacker.

The recent $120m attack on BadgerDAO, for example, relied on a malicious injected script to enable ice phishing, which involved prompting users of the BadgerDAO web app to delegate the attacker to conduct transactions for them.

"In an 'ice phishing' attack, the attacker merely needs to modify the spender address to the attacker's address," said Christian Seifert, a security researcher at Microsoft, in a blog post.

Microsoft at least has an idea about how to mitigate cryptocurrency-focused attacks.

Seifert also offers web3 users advice on protecting themselves from threats like the BadgerDAO attack.

News URL

https://go.theregister.com/feed/www.theregister.com/2022/02/18/microsoft_ice_phishing/

#crypto #defense #microsoft #phishing #scammer

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Microsoft		698	777	4532	4623	3617	13549

News URL

Related news

Related vendor