7 methods cybercriminals use for cryptocurrency theft
The report emphasizes the ongoing and evolving threat of phishing attacks within the cryptocurrency sector. It advises the community to remain vigilant and well-informed, and stresses the importance of collaborative efforts to establish a secure digital asset environment. Check Point Research highlights a rising trend in sophisticated phishing attacks affecting various blockchain networks, such as Ethereum, Binance Smart Chain, Polygon, and Avalanche. The report outlines 10 common techniques employed by hackers.
Deceptive Campaigns and False Websites: The attack typically begins with malicious actors crafting fraudulent airdrop campaigns or phishing schemes. These are commonly disseminated through social media or email and lure users with offers of complimentary tokens or other rewards. The perpetrators carefully structure these campaigns to give the impression of authenticity and credibility.
Imitating Authentic Websites: Individuals who engage with these campaigns are redirected to counterfeit websites. These sites are meticulously designed to replicate legitimate token distribution platforms or wallet interfaces, posing a challenge for users to differentiate them from the authentic ones.
Digital Wallet Connection Requests: While on these misleading websites, users are urged to link their digital wallets. This action holds significant importance for the attackers, serving as a critical step for the subsequent theft. The connection request may seem innocuous, often masquerading as a verification process for the user’s identity or account in order to proceed with the token claim.
Engagement with Harmful Smart Contracts: The pivotal stage entails enticing the user to interact with a malicious smart contract. This interaction is frequently disguised as a step in claiming the offered airdrop or reward. The smart contract contains concealed functions that, upon execution, modify the security configurations of the user’s wallet or immediately initiate unauthorized transactions.
Manipulating the ‘Permit’ Function in ERC-20 Tokens: One technique employed by these attackers involves manipulating the ‘Permit’ function in ERC-20 tokens. This function enables token holders to authorize a spender, such as a smart contract, to conduct token transfers on their behalf. The attackers deceive users into signing a message off-chain with their private key, which establishes the allowance for the attacker’s address. This method is particularly insidious because it avoids the need for an on-chain transaction for each approval, minimizing the visibility of malicious activity.
Covert Asset Transfer and Concealment: Upon unauthorized access, the perpetrators proceed to move assets from the user’s wallet. They utilize methods such as cryptocurrency mixers or executing multiple transfers to obfuscate the path of the pilfered assets, rendering their tracing and recovery a formidable challenge.
Absence of Blockchain Tracing in Certain Instances: In scenarios involving off-chain signing, such as with the ‘Permit’ function, there is no immediate trace evident on the blockchain, as both the approval and transaction initiation occur off-chain. This further complicates the detection and tracing of fraudulent activities.
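Because a ‘Permit’ approval leaves nothing on-chain to alert on at signing time, the practical checkpoint is the signing request itself. The following is an added example, not code from the report or from any wallet: it reviews the typed-data payload a site asks the wallet to sign (the `eth_signTypedData_v4` format) and flags Permit allowance grants. The function names, finding codes, spender allowlist, one-day deadline threshold and sample values are assumptions made for illustration.

```javascript
// Added example: pre-signing review of an EIP-712 request (eth_signTypedData_v4 payload).
const MAX_UINT256 = (1n << 256n) - 1n;
const MAX_DEADLINE_WINDOW = 86400n; // assumption: validity longer than one day is suspicious

// Parse a decimal or 0x-hex integer field; return null when it is missing or malformed.
function toBigInt(field) {
  try {
    return field === undefined || field === null || field === "" ? null : BigInt(field);
  } catch (err) {
    return null;
  }
}

// trustedSpenders: lowercase addresses the user already trusts (hypothetical allowlist).
// Returns an array of finding codes; an empty array means "not a Permit request".
function reviewSignRequest(typedData, trustedSpenders, nowSeconds) {
  const data = typeof typedData === "string" ? JSON.parse(typedData) : typedData;
  if (data.primaryType !== "Permit") return [];

  const msg = data.message || {};
  const value = toBigInt(msg.value);
  const deadline = toBigInt(msg.deadline);
  // Every Permit is an allowance grant that never appears as an approve() transaction.
  const findings = ["PERMIT_ALLOWANCE"];

  if (!trustedSpenders.includes(String(msg.spender || "").toLowerCase())) {
    findings.push("UNKNOWN_SPENDER");
  }
  if (value === null || deadline === null) {
    findings.push("MALFORMED_FIELDS");
    return findings;
  }
  if (value === MAX_UINT256) findings.push("UNLIMITED_VALUE");
  if (deadline - BigInt(nowSeconds) > MAX_DEADLINE_WINDOW) findings.push("LONG_DEADLINE");
  return findings;
}

// Constructed sample: placeholder addresses, token name and deadline (2100-01-01 UTC).
const SAMPLE_REQUEST = {
  primaryType: "Permit",
  domain: { name: "ExampleToken", version: "1", chainId: 1,
            verifyingContract: "0x" + "11".repeat(20) },
  message: { owner: "0x" + "aa".repeat(20), spender: "0x" + "bb".repeat(20),
             value: MAX_UINT256.toString(), nonce: "0", deadline: "4102444800" },
};

console.log(reviewSignRequest(SAMPLE_REQUEST, [], 1700000000));
```

A request that returns anything beyond `PERMIT_ALLOWANCE` deserves a refusal or a manual check of the spender address before signing.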