Blockchain security company CertiK has reminded the crypto community to stay alert over “ice phishing” scams — a unique type of phishing scam targeting Web3 users — first identified by Microsoft earlier this year.
In a Dec. 20 analysis report, CertiK described ice phishing scams as an attack that tricks Web3 users into signing permissions which end up allowing a scammer to spend their tokens.
This differs from traditional phishing attacks which attempt to access confidential information such as private keys or passwords, such as the fake websites set up which claimed to help FTX investors recover funds lost on the exchange.
#CertiKSkynetAlert 1/ Ice phishing is a considerable threat to the Web3 community Instead of gaining accessing to your private key, scammers trick you into signing permissions to spend your assets.We’ll outline below what to look out for, and how to protect yourself!
A Dec. 17 scam where 14 Bored Apes were stolen is an example of an elaborate ice phishing scam. An investor was convinced to sign a transaction request disguised as a film contract, which ultimately enabled the scammer to sell all of the user's apes to themselves for a negligible amount.
The firm noted that this type of scam was a “considerable threat” found only in the Web3 world, as investors are often required to sign permissions to decentralized finance (DeFi) protocols they interact with, which could be easily faked.
Once a scammer has gained approval, they are able to transfer assets to an address of their choosing.
To protect themselves from ice phishing, CertiK recommended that investors revoke permissions for addresses they don’t recognize on blockchain explorer sites such as Etherscan, using a token approval tool.
Related: $4B
Read more on cointelegraph.com