
Topic: Web3: A new attack vector for cyber criminals (Read 216 times)

legendary
Activity: 2576
Merit: 1655
February 12, 2020, 05:27:58 PM
#2
Thank you for referencing my post about this new attack that the cyber criminals are exploiting.

This kind of attack surfaced around mid-January this year, and the good thing is that other fake websites have been quickly shut down. But I have no doubt that the cyber criminals are just waiting for the perfect time to release another attack similar to this.
hero member
Activity: 2632
Merit: 833
February 06, 2020, 07:53:28 PM
#1
In the last two years, we have seen cyber criminals stepping up their game with fake giveaways, fake hardware wallets, and fake websites to get our personal info and data. However, they are going one level up again, this time taking advantage of web3 and the whole new hype - DeFi.

What is web3.js?

Quote
web3.js - Ethereum JavaScript API

web3.js is a collection of libraries which allow you to interact with a local or remote ethereum node, using a HTTP or IPC connection.

So it means that we just interact with our wallets and we don't need to enter our passwords or recovery phrases. So here is one example:




On the left is the fake and scam website and I used the screenshot here. And on the left is the real one: https://migrate.makerdao.com/. So by design, you can't really tell the difference, can you?

So basically if you have visited the phishing site and followed the instructions, you will be prompted to have access to your wallet through MetaMask and then once you send the SAI, it's a done deal.

So I advise everyone to watch out for this new kind of attack vector.

References:


https://web3js.readthedocs.io/en/v1.2.6/
https://bitcointalksearch.org/topic/scam-upgrade-sai-to-multi-collateral-dai-5219002/
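
Since the two pages look the same, the hostname is the thing to check before approving a wallet connection. The following is an added example, not part of the original post: it classifies a URL against the genuine host named above, and `TRUSTED_HOSTS`, `editDistance` and `classifyDappUrl` are hypothetical names chosen for this illustration.

```javascript
// Added example. Only migrate.makerdao.com comes from the post; the
// allowlist and all function names are assumptions for illustration.
const TRUSTED_HOSTS = ["migrate.makerdao.com"];

// Levenshtein edit distance, single-row dynamic programming.
function editDistance(a, b) {
  const row = Array.from({ length: b.length + 1 }, (_, i) => i);
  for (let i = 1; i <= a.length; i++) {
    let diag = row[0];
    row[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const up = row[j];
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      row[j] = Math.min(up + 1, row[j - 1] + 1, diag + cost);
      diag = up;
    }
  }
  return row[b.length];
}

// Returns "trusted", "lookalike", "untrusted" or "invalid".
function classifyDappUrl(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return "invalid";
  }
  if (url.protocol !== "https:") return "untrusted";
  // The URL parser lowercases the host and converts Unicode labels to punycode.
  const host = url.hostname;
  if (TRUSTED_HOSTS.includes(host)) return "trusted"; // exact match only
  // Homoglyph hosts (e.g. a Cyrillic letter) surface as xn-- labels.
  if (host.split(".").some((label) => label.startsWith("xn--"))) return "lookalike";
  for (const good of TRUSTED_HOSTS) {
    // One or two characters off the real host (typo or separator swap).
    if (editDistance(host, good) <= 2) return "lookalike";
    // Brand label ("makerdao") reused inside a different domain.
    const brand = good.split(".").slice(-2)[0];
    if (host.includes(brand)) return "lookalike";
  }
  return "untrusted";
}
```

Anything other than "trusted" means the wallet prompt should be rejected, however convincing the page looks.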