Ice Phishing is a cryptocurrency scam that Microsoft recently issued a warning. With the increasing number of cryptocurrency owners worldwide, fraudulent schemes related to cryptocurrency are becoming more sophisticated, making it challenging for individuals to avoid falling victim. Therefore, it’s essential to equip yourself with knowledge to protect your assets. So, what is Ice Phishing in crypto, how does it operate, and how can you safeguard against it? Let’s dive into the details below.
Contents
What Is Ice Phishing attack in Cryptocurrency?
What Is Ice Phishing scam in Cryptocurrency?
Traditional phishing schemes usually aim to acquire private keys and passwords, whereas Ice Phishing is specifically designed to target users in the Web3 space. Web3, distinct from the more centralized Web2, is a decentralized environment underpinned by the security of blockchain encryption. In this realm, the funds in your wallet are safeguarded by a private key that only you know. The Smart Contracts you engage with are unchangeable and frequently open-source, with their authenticity being verified solely through encryption methods, rather than any human oversight.
Related post: What is Web 3.0?
How does Ice Phishing in Cryptocurrency happen?
How can fraudulent Ice Phishing attacks occur on such a secure platform? Let’s explain:
The term “Ice Phishing” originated from a Microsoft report, which stated:
In an Ice Phishing scam, cybercriminals attempt to deceive victims into approving their tokens. They do this by using Smart Contracts to conceal their intentions.
Smart Contracts are self-executing blockchain programs that automatically perform actions once predetermined conditions are met.
For instance, Microsoft provided an example involving swap token, where two parties swap different cryptocurrencies, similar to currency exchange but without intermediaries.
=> Cybercriminals can infiltrate a cryptocurrency platform by injecting malware into these Smart Contracts, such as changing the exchange addresses of the exchange into their own wallet addresses. When users sign the contract and agree to the swap, criminals are granted access to their wallets, allowing them to withdraw funds without hindrance.
Biggest Cryptocurrency Ice Phishing Scams
The first notable cryptocurrency Ice Phishing scam occurred on December 2, 2021, targeting BadgerDAO, resulting in a theft of approximately $120 million USD.
The attack was initiated by injecting malicious code from Cloudflare, an application platform running on Badger’s cloud network.
The hackers exploited a compromised API key created by Badger’s engineers, which they were either unaware of or not authorized to periodically inject malicious code affecting a small group of their customers.
The hackers stole $130 million USD in cryptocurrencies, but approximately $9 million USD of that amount can potentially be recovered, as the funds were transferred by the hackers but have not yet been withdrawn from Badger’s wallet.
Furthermore, on December 17, 2022, through the Ice Phishing scam method, malicious actors stole 14 NFT tokens from the Bored Ape Yacht Club (BAYC) with a total value of over $1 million USD.
It is known that the fraudster identified themselves as the “casting director working for ‘Forte Pictures’,” on a film related to NFTs titled “The Return of Time.” The alias used by the scammer is fake, even though Forte Pictures is a real company (and unrelated).
Using a fake website, fraudulent advertising, fake legal contracts, and cunning tactics, including Twitter Spaces to establish credibility, they presented bids for NFTs and directed victims to a fake NFT platform, where they were required to “sign contracts,” ultimately depleting their wallets.
“The scammer’s wallet, sponsored by Secret Network, ran a legitimate match function to complete the shadow sale transaction. Subsequently, the scammer accepted the highest WETH offers on all NFTs, converting 852.86 WETH into 1.07 million DAI.”
https://twitter.com/Serpent/status/1604074496201494530
How to Avoid Ice Phishing Scams in Cryptocurrency?
According to CertiK, a blockchain security platform built to enhance the security standards of DApps and blockchains, users can take one of the following measures to avoid falling victim to Ice Phishing scams in cryptocurrency:
-
Revoke permissions for wallet addresses that you don’t recognize by reviewing transaction histories on blockchain tracking websites like Etherscan, and remember to use token approval tools.
-
Additionally, wallet addresses that users intend to transact with should be searched on these blockchain explorers to identify any suspicious activities.
-
Users should only interact with the official websites of reputable projects that they can verify and exercise caution, especially on social media platforms like Twitter, Facebook, etc., where many fake Twitter accounts of famous projects are created to deceive users.
-
Web3 blockchain projects should also enhance security measures to prevent unfortunate incidents involving their users.
In summary, hope you can understand what is Ice Phishing scams in cryptocurrency. The anonymity of the cryptocurrency market makes it attractive to malicious actors who seek various means to steal others’ assets online without detection. Therefore, if you are a cryptocurrency investor, it is crucial to equip yourself with knowledge to avoid falling victim to opportunistic fraudsters.
