Web3 technology is growing in popularity: social metaverse games are raising millions and building out virtual worlds with ownable assets, while users are buying NFT avatars and joining DAOs.
However, as the internet slowly transitions into Web3, we’re seeing a rise in financial attacks on unsuspecting users in the space.
The cyber security company Guardio recently shared some of the tactics it has identified attackers using, and in this post we'll look at how these recent attacks unfolded.
Guardio has discovered a network of sophisticated phishing attacks that is targeting MetaMask users by impersonating popular metaverse projects.
Whilst this is nothing new to the crypto space, it is also a small taste of what is to come with the rise of Web3.
The Metaverse in its current state is nothing more than a concept, a vision for a network of socially connected virtual worlds.
Since the metaverse crowd is usually more tech-savvy than the usual phishing targets, malicious actors have gone to new lengths to try and scam unsuspecting users.
Malicious actors have resorted to building almost pixel-perfect copies of the platforms they’re targeting.
They do this by copying pieces of the original websites, reproducing the look and feel of the user interface closely enough to fool even experienced crypto users.
One example, discovered by the Guardio team, is a scam targeting MetaMask users by mimicking the user interface of the browser-based, multi-crypto wallet.
Attackers took advantage of the fact that a MetaMask browser-extension window is difficult to distinguish from an ordinary pop-up box rendered by the web page itself.
Malicious actors were able to replicate the MetaMask UI almost perfectly, tricking users into giving away their wallet recovery passphrases simply by asking.
Whilst this would have been a red flag for experienced cryptocurrency holders, to the average Joe it is just a reasonable request.
When you include the fact that users can import their wallets into the real MetaMask via their recovery phrases, it’s not hard to see how some inexperienced users got fooled.
Details About The Attack
Guardio found that hundreds of websites were impersonating large metaverse projects in the crypto space.
These websites had identical interfaces and functionality to the sites they were trying to impersonate.
The fraudulent websites even had the same wallet connection flows for MetaMask, leading to users unintentionally giving up their passphrases.
The projects impersonated as part of this attack include Decentraland, The Sandbox, NFT marketplaces such as OpenSea, and Anyswap, a multi-chain decentralized exchange (DEX).
The attacks combined older techniques such as IDN homograph attacks (e.g. “opénsea” instead of “opensea”) and search engine pollution (black-hat pay-per-click ads) to appear at the top of search results.
Attackers also used phishing techniques unique to Web3; for example, they mimicked the “Connect Wallet” flow on the targeted websites.
You can see a video example of one of these attacks here.
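The IDN homograph trick described above can be caught on the defender's side before a user ever sees the fake page: a proxy, mail gateway or browser extension can fold a hostname back to the brand it resembles and compare it against an allow-list. The following Python check is an added example written for this post, not code from Guardio or from any of the projects named; the brand domain list and the small table of Cyrillic confusables are constructed for illustration, and it goes a step beyond the article's accented-letter case by also flagging mixed-script labels such as a Cyrillic “о” dropped into a Latin name.

```python
import unicodedata

# Constructed allow-list of brand domains for this example; not taken from the article.
KNOWN_BRANDS = {"opensea.io", "decentraland.org", "sandbox.game", "metamask.io"}

# Small constructed subset of Unicode confusables: Cyrillic letters that render
# like Latin ones. A production check would use the full Unicode confusables table.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i",
}


def to_punycode(host: str) -> str:
    """Return the ASCII (xn--) form that DNS actually resolves, or '' if invalid."""
    try:
        return host.encode("idna").decode("ascii")
    except UnicodeError:
        return ""


def fold_lookalikes(host: str) -> str:
    """Strip diacritics (é -> e) and map listed confusables to the Latin letter they resemble."""
    decomposed = unicodedata.normalize("NFKD", host)
    no_marks = "".join(c for c in decomposed if not unicodedata.combining(c))
    return "".join(CONFUSABLES.get(c, c) for c in no_marks)


def scripts_in(label: str) -> set:
    """Unicode scripts used by the letters of one DNS label, read from character names."""
    scripts = set()
    for c in label:
        if c.isalpha():
            scripts.add(unicodedata.name(c, "UNKNOWN").split()[0])
    return scripts


def classify(host: str) -> dict:
    """Flag a hostname that is, or visually impersonates, a known brand domain."""
    host = host.strip().lower().rstrip(".")
    reasons = []
    if host in KNOWN_BRANDS:
        return {"host": host, "verdict": "known-brand", "lookalike_of": None, "reasons": reasons}

    # Anything that changes under IDNA encoding is a non-ASCII (IDN) name.
    ascii_form = to_punycode(host)
    if ascii_form != host:
        reasons.append("idn: resolves as %s" % (ascii_form or "<invalid>"))

    # A single label mixing scripts (e.g. Cyrillic + Latin) is a classic homograph sign.
    for label in host.split("."):
        if len(scripts_in(label)) > 1:
            reasons.append("mixed scripts in label %r" % label)

    # Fold the name and see whether it collapses onto a brand we protect.
    folded = fold_lookalikes(host)
    lookalike_of = folded if folded in KNOWN_BRANDS else None
    if lookalike_of:
        reasons.append("folds to brand domain %s" % lookalike_of)

    verdict = "lookalike" if lookalike_of else ("suspicious" if reasons else "unknown")
    return {"host": host, "verdict": verdict, "lookalike_of": lookalike_of, "reasons": reasons}


if __name__ == "__main__":
    # Constructed sample hostnames: the article's accented case, a Cyrillic case, and two controls.
    for sample in ("opensea.io", "op\u00e9nsea.io", "\u043epensea.io", "example.com"):
        print(classify(sample))
```

The check is deliberately conservative: it only says "lookalike" when the folded name lands exactly on a protected brand, so a legitimate non-English domain is reported as "suspicious" with its punycode form rather than blocked outright, which is the behaviour you want for a logging or warning tier ahead of a hard block.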
These attacks are not easing up and many of these websites are still live. Furthermore, users are not protected from these malicious actors by their browser or by traditional anti-virus software.
However, lightweight extensions like Guardio are able to prevent these attacks from affecting users by using machine learning.
The extension uses algorithms and machine learning to identify, understand and catch variants of these attacks when they occur.
Machine learning allows the extension to identify these attacks, even when bad actors change their techniques.
The Guardio team believes that these attacks will continue to occur and could increase in intensity as the Web3 space continues to grow.
If users are not protected from these attacks, then millions in funds could be at stake.