cryptopolitan.com
مع استعادة العملات المشفرة قيمتها وإطلاق المزيد من الرموز المميزة، تتسارع الهجمات ضد المحافظ الفردية. فقط في الأسبوعين الأولين من شهر أكتوبر، تم فقدان حوالي 41 مليون دولار بسبب هجمات التصيد الاحتيالي.
لقد تم خسارة أكثر من 41 مليون دولار بسبب هجمات التصيد الاحتيالي في أكتوبر حتى الآن. تشير تقديرات هجمات التصيد الاحتيالي في شهر سبتمبر dent أدت إلى سرقة 46 مليون دولار. تقديرات Certik أعلى بكثير، مع زيادة في جميع أنواع الهجمات في الربع الثالث. مع قيام المزيد من الوافدين الجدد بتجربة العملات المشفرة، أصبح التصيد الاحتيالي للمحفظة والروابط الضارة أكثر شيوعًا. وفي الـ 24 ساعة الماضية فقط، خسر حساب آخر 1.57 مليون دولار بعد توقيع التصريح.
🚨 منذ 3 ساعات، خسرت ضحية أخرى 1.57 مليون دولار بعد التوقيع على توقيع "تصريح" للتصيد الاحتيالي.💸 pic.twitter.com/wDGZIMdJ7N
— احتيال الشم | Web3 Anti-Scam (@realScamSniffer) 15 أكتوبر 2024
DefiHackLabs discovered a total of eight exploits in October, with attack values ranging from $100K to $2.4M, depending on individual wallets. The sum is relatively small compared to the overall exploits of exchanges in the past few weeks. However, the ubiquity of the attacks and the effects on retail traders make phishing one of the significant threats in Web3 usage.
The losses were also much harder to recover, as hackers moved them through DEX or mixers. Phishing hacks add to the losses from more elaborate attacks like the validator address hacks and MEV exploits.
Phishing attacks usually ask for actions to be signed through the user’s wallet, based on demands to approve a contract or sign another type of transfer or permission. Fake phishing tokens also target wallets with crypto balances, in an attempt to redirect funds to a fake address. Permit phishing is especially harmful, as it can gain permission to move multiple tokens. One such example happened just days ago when a wallet was hacked for $1.4M worth of meme tokens.
Those types of attacks have existed before, but are accelerating in October, due to an inflow of users. Most of the attacks affect Ethereum, one of the most liquid chains, with well-understood smart contracts. Hackers often use open-source contracts to generate malicious links or even specifically built smart contracts that look realistic.
Hacked X accounts deliver fake links
As the crypto community is mostly active on X, accounts are at risk of hacking. October is an extremely risky period, as the meme token frenzy coincides with the general market recovery. All assets are fair game, from BTC and blue chips to the last new meme token that may grow 1,000 times or more.
One of the attack vectors hacked X handles, sometimes belonging to influencers or meme token accounts. Instead of signing to buy a token, users see their wallets emptied. Even pressing ‘connect wallet’ to a link from social media may cost all the assets within that wallet. Sometimes, a malicious link will be masked as a token recovery tool or even a protection against hacks.
Links may appear through Google ads, inviting users to new chains. Again, the scam website will ask the user to connect a wallet – and in that case, the best approach is to only risk the test with a new empty wallet.
Promising airdrops or point farming is also a way to convince users to put their skepticism to sleep and grant permission to their wallets. One of the latest X handles to be hacked belonged to the SPX6900 hot meme token, exposing potential buyers to a malicious address. Sometimes, links hide in what seems like harmless offers or download links. With more newcomers to meme tokens, keeping their wallets ready for trading at all times, such incidents will only accelerate.
Scam advertising on social media, as well as scam replies, are often another carrier of malicious links. Compromised Discord servers or expired invitations, as well as calls to install software, may drain wallets, or even install software to compromise private keys.