In the last two years, we have seen cyber criminals stepping up their game with fake giveaways, fake hardware wallets, and fake websites to get our personal info and data. However, they are going one level up again, this time taking advantage of web3 and the whole new hype - DeFi.
What is web3.js?
web3.js - Ethereum JavaScript API
web3.js is a collection of libraries which allow you to interact with a local or remote ethereum node, using a HTTP or IPC connection.
So it means that we just interact with our wallets and we don't need to enter our passwords or recovery phases. So here is one example,
On the left is the fake and scam website and I used the screenshot
here. And on the left is the real one:
https://migrate.makerdao.com/. So by design, you can't real tell the difference isn't it?
So basically if you have visited the phishing site and follow the instructions, you will be prompted to have access to your wallet thru MetaMask and then once you send the SAI, it's a done deal.
So I advise everyone to watch out for this new kind of attack vector.
References:
https://web3js.readthedocs.io/en/v1.2.6/https://bitcointalksearch.org/topic/scam-upgrade-sai-to-multi-collateral-dai-5219002/