MetaMask Users Targeted By Phishing Attack Impersonating Popular Metaverse Projects

by Cryptonite
Cryptocurrency & Tech Writer.

March 1st, 2022
Too Long; Didn't Read

MetaMask users are being targeted in a series of phishing attacks where hackers impersonate popular metaverse project websites.

Web3 technology is growing in popularity. Social metaverse games are raising millions and building out virtual worlds with ownable assets, and users are buying NFT avatars and joining DAOs.

However, as the internet slowly transitions into Web3, we’re seeing a rise in financial attacks on unsuspecting users in the space.

The cyber security company Guardio has recently shared that they’ve identified some of the tactics used by attackers, and in this post we’ll be looking at how the recent attacks unfolded.

Web3 Phishing Attacks Are On The Rise

Guardio has discovered a network of sophisticated phishing attacks that is targeting MetaMask users by impersonating popular metaverse projects.

Whilst this is nothing new to the crypto space, it is also a small taste of what is to come with the rise of Web3.

The Metaverse in its current state is nothing more than a concept, a vision for a network of socially connected virtual worlds.

Since the metaverse crowd is usually more tech-savvy than the usual phishing targets, malicious actors have gone to new lengths to try and scam unsuspecting users.

Malicious actors have resorted to building almost pixel-perfect copies of the platforms they’re targeting.

They do this by copying pieces of the original websites, even exploiting the look and feel of the user interface to fool even experienced crypto users.

One example, discovered by the Guardio team, is a scam targeting MetaMask users by mimicking the user interface of the browser-based, multi-crypto wallet.

Attackers took advantage of the fact that it would be difficult to distinguish the MetaMask browser extension from a regular pop-up box.

Malicious actors were able to replicate the MetaMask UI almost perfectly, tricking users into giving away their wallet recovery passphrases simply by asking.

Whilst this would have been a red flag for experienced cryptocurrency holders, to the average Joe this is just a reasonable request.

When you include the fact that users can import their wallets into the real MetaMask via their recovery phrases, it’s not hard to see how some inexperienced users got fooled.

Details About The Attack

Guardio found that hundreds of websites were impersonating large metaverse projects in the crypto space.

These websites had identical interfaces and functionality to the sites they were trying to impersonate.

The fraudulent websites even had the same wallet connection flows for MetaMask, leading to users unintentionally giving up their passphrases.

The projects that were impersonated as part of this attack include Decentraland, The Sandbox, NFT marketplaces like OpenSea, and Anyswap, a multi-chain decentralized exchange (DEX).

The attacks combined older techniques such as IDN attacks (e.g., “opénsea” instead of “opensea”) and search engine pollution (black hat Pay Per Click ads) to appear at the top of search results.
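As an added illustration (not code from the article or from Guardio), the following sketch shows how a defender could flag hostnames that imitate a brand through accented characters, as in the “opénsea” case above. The watchlist, function names and sample hostnames are assumptions made for this example.

```python
import unicodedata

# Brand labels drawn from the projects named in the article (assumed watchlist).
PROTECTED = {"opensea", "decentraland", "sandbox", "anyswap", "metamask"}

# Constructed sample hostnames; .example is a reserved test TLD.
SAMPLE_HOSTS = ["opensea.example", "op\u00e9nsea.example",
                "app.DECENTRAL\u00c4ND.example", "news.example"]


def to_unicode_label(label):
    """Lowercase a DNS label and decode it if it is punycode (xn--)."""
    label = label.lower()
    if label.startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            return label  # malformed punycode: leave it as typed
    return label


def skeleton(label):
    """Strip diacritics: NFKD-decompose, then drop combining marks."""
    decomposed = unicodedata.normalize("NFKD", label)
    return "".join(c for c in decomposed if not unicodedata.combining(c))


def check_host(host):
    """Return (brand, decoded_label) when a label uses non-ASCII characters
    to look like a protected brand, otherwise None."""
    for raw in host.rstrip(".").split("."):
        label = to_unicode_label(raw)
        if label.isascii():
            continue  # pure ASCII: either the real brand or unrelated
        folded = skeleton(label)
        if folded in PROTECTED:
            return folded, label
    return None


def scan(hosts):
    """Map each flagged hostname to the brand it imitates."""
    return {h: hit[0] for h in hosts if (hit := check_host(h))}


if __name__ == "__main__":
    for host, brand in scan(SAMPLE_HOSTS).items():
        print(f"{host!r} imitates {brand!r}")
```

NFKD folding only catches accent-based lookalikes like the one quoted above; cross-script substitutions (for example Cyrillic letters) need a confusables table such as the one in Unicode TS #39.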

Attackers also used advanced phishing techniques unique to Web3. For example, attackers were able to mimic the “Connect Wallet” function on the targeted websites.

You can see a video example of one of these attacks here.

These attacks are not easing up, and many of these websites are still live. Furthermore, users are not protected from these malicious actors by their browsers or traditional anti-virus software.

However, lightweight extensions like Guardio can use machine learning to prevent these attacks from affecting users.

The extension uses algorithms and machine learning to identify, understand and catch variants of these attacks when they occur.

Machine learning allows the extension to identify these attacks, even when bad actors change their techniques.

The Guardio team believes that these attacks will continue to occur and could increase in intensity as the Web3 space continues to grow.

If users are not protected from these attacks, then millions in funds could be at stake.
