Thank you for referencing my post about this new attack that the cyber criminals are exploiting.
This kind of attacks surfaces around mid January this year, and the good thing is that other fake websites have been quickly shutdown. But I have no doubt that the cyber criminals are just waiting for the perfect time to release another attack similar to this.
Topic: Web3: A new attack vector for cyber criminals (Read 192 times)
In the last two years, we have seen cyber criminals stepping up their game with fake giveaways, fake hardware wallets, and fake websites to get our personal info and data. However, they are going one level up again, this time taking advantage of web3 and the whole new hype - DeFi.
What is web3.js?
So it means that we just interact with our wallets and we don't need to enter our passwords or recovery phases. So here is one example,
On the left is the fake and scam website and I used the screenshot here. And on the left is the real one: https://migrate.makerdao.com/. So by design, you can't real tell the difference isn't it?
So basically if you have visited the phishing site and follow the instructions, you will be prompted to have access to your wallet thru MetaMask and then once you send the SAI, it's a done deal.
So I advise everyone to watch out for this new kind of attack vector.
References:
https://web3js.readthedocs.io/en/v1.2.6/
https://bitcointalksearch.org/topic/scam-upgrade-sai-to-multi-collateral-dai-5219002/
What is web3.js?
Quote
web3.js - Ethereum JavaScript API
web3.js is a collection of libraries which allow you to interact with a local or remote ethereum node, using a HTTP or IPC connection.
web3.js is a collection of libraries which allow you to interact with a local or remote ethereum node, using a HTTP or IPC connection.
So it means that we just interact with our wallets and we don't need to enter our passwords or recovery phases. So here is one example,
 |  |
On the left is the fake and scam website and I used the screenshot here. And on the left is the real one: https://migrate.makerdao.com/. So by design, you can't real tell the difference isn't it?
So basically if you have visited the phishing site and follow the instructions, you will be prompted to have access to your wallet thru MetaMask and then once you send the SAI, it's a done deal.
So I advise everyone to watch out for this new kind of attack vector.
References:
https://web3js.readthedocs.io/en/v1.2.6/
https://bitcointalksearch.org/topic/scam-upgrade-sai-to-multi-collateral-dai-5219002/
Jump to: