Security News > 2022 > February > Microsoft Warns of 'Ice Phishing' Threat on Web3 and Decentralized Networks
Microsoft has warned of emerging threats in the Web3 landscape, including "Ice phishing" campaigns, as a surge in adoption of blockchain and DeFi technologies emphasizes the need to build security into the decentralized web while it's still in its early stages.
The company's Microsoft 365 Defender Research Team called out various new avenues through which malicious actors may attempt to trick cryptocurrency users into giving up their private cryptographic keys and carry out unauthorized fund transfers.
Another technique involves what Microsoft calls "Ice phishing." Rather than stealing a user's private keys, the method works by deceiving the target into "Signing a transaction that delegates approval of the user's tokens to the attacker."
"In case of an 'ice phishing' attack, the attacker can accumulate approvals over a period of time and then drain all [the] victim's wallets quickly."
The high-profile hack of DeFi platform BadgerDAO, which came to light in early December 2021, was one such instance of ice phishing, wherein a maliciously injected snippet using a compromised API key enabled the adversary to siphon $121 million in funds.
The script was programmed such that it would intercept Web3 transactions from wallets over a certain balance and insert a request to transfer the victim's tokens to an address chosen by the attackers.
News URL
https://thehackernews.com/2022/02/microsoft-warns-of-ice-phishing-threat.html
Related news
- Microsoft disrupts ONNX phishing-as-a-service infrastructure (source)
- Phishing-as-a-Service "Rockstar 2FA" Targets Microsoft 365 Users with AiTM Attacks (source)
- New Rockstar 2FA phishing service targets Microsoft 365 accounts (source)
- HubSpot phishing targets 20,000 Microsoft Azure accounts (source)
- New FlowerStorm Microsoft phishing service fills void left by Rockstar2FA (source)
- Criminal IP: Bringing Real-Time Phishing Detection to Microsoft Outlook (source)