[MART] - Daily Diary #456 - Ice Phishing Puts Blockchain and Web3 at Risk

[CTAS-MAT]

Hello,

I hope everyone is doing well!

Below is the entry for today.

02/18/2022 - Diary entry #456:

Ice phishing is a form of clickjacking, or user interface attack for cryptocurrencies applications. It involves manipulating the user interface of an application in ways that are not visible to the user. For example, an ice phishing attack might trick a user into approving a funds transfer to a tampered address, by modifying transactions information (like the destination wallet) before the transaction is submitted, and after the transaction has been submitted and confirmed in the network, the attacker can use all the funds however he wants.

The icing on the cake of this scam is that a criminal can gradually build up a stash of these approvals to quickly empty the victims' wallets. This presents a new danger to average users. On the other hand, this kind of attack has the benefit of being monitored since blockchains have the transactions logs and activities publicly available.

To mitigate cryptocurrency-focused attacks, Microsoft has created and opened an agent on Forta, a smart contract threat detection platform. It looks for suspicious token approvals, triggering a possible ice phishing attack. It seems that this will be successful and it's an important step to provide more security in blockchain protocols which are becoming a huge attack surface for criminals.

Kind Regards,
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.immunityinc.com/pipermail/mart/attachments/20220218/d070c62f/attachment.htm>