{"id":529828,"date":"2022-12-21T08:34:53","date_gmt":"2022-12-21T05:34:53","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/how-to-avoid-getting-hooked-by-crypto-ice-phishing-scammers-certik\/"},"modified":"2022-12-21T08:34:53","modified_gmt":"2022-12-21T05:34:53","slug":"how-to-avoid-getting-hooked-by-crypto-ice-phishing-scammers-certik","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/how-to-avoid-getting-hooked-by-crypto-ice-phishing-scammers-certik\/","title":{"rendered":"# How to avoid getting hooked by crypto \u2018ice phishing\u2019 scammers \u2014 CertiK"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_84 counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<label for=\"ez-toc-cssicon-toggle-item-6a25843da5dcd\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #dd3333;color:#dd3333\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #dd3333;color:#dd3333\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\"  id=\"ez-toc-cssicon-toggle-item-6a25843da5dcd\" checked aria-label=\"Toggle\" \/><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-1'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/buradabiliyorum.com\/en\/how-to-avoid-getting-hooked-by-crypto-ice-phishing-scammers-certik\/#%E2%80%9D_How_to_avoid_getting_hooked_by_crypto_%E2%80%98ice_phishing_scammers_%E2%80%94_CertiK_%E2%80%9C\" >&#8221; How to avoid getting hooked by crypto \u2018ice phishing\u2019 scammers \u2014 CertiK &#8220;<\/a><\/li><\/ul><\/nav><\/div>\n<h1><span class=\"ez-toc-section\" id=\"%E2%80%9D_How_to_avoid_getting_hooked_by_crypto_%E2%80%98ice_phishing_scammers_%E2%80%94_CertiK_%E2%80%9C\"><\/span>&#8221; How to avoid getting hooked by crypto \u2018ice phishing\u2019 scammers \u2014 CertiK &#8220;<span class=\"ez-toc-section-end\"><\/span><\/h1>\n<div class=\"post-content\" data-v-30a6cf80>Blockchain security company CertiK has reminded the crypto community to stay alert over \u201cice phishing\u201d scams \u2014 a unique type of phishing scam targeting Web3 users \u2014 first identified by Microsoft earlier this year.\u00a0<\/p>\n<p>In a Dec. 20 analysis report, CertiK <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.certik.com\/resources\/blog\/7a6sfFTZShcrFSEXXPsXds-ice-phishing-scams\">described<\/a> ice phishing scams as an attack that tricks Web3 users into signing permissions which end up allowing a scammer to spend their tokens. <\/p>\n<p>This differs from traditional phishing attacks which attempt to access confidential information such as private keys or passwords, such as the fake websites set up which claimed to help FTX investors recover funds lost on the exchange.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\"><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/hashtag\/CertiKSkynetAlert?src=hash&amp;ref_src=twsrc%5Etfw\">#CertiKSkynetAlert<\/a> <\/p>\n<p>1\/ Ice phishing is a considerable threat to the Web3 community <\/p>\n<p>Instead of gaining accessing to your private key, scammers trick you into signing permissions to spend your assets.<\/p>\n<p>We\u2019ll outline below what to look out for, and how to protect yourself!<\/p>\n<p>\u2014 CertiK Alert (@CertiKAlert) <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/CertiKAlert\/status\/1605297043085447186?ref_src=twsrc%5Etfw\">December 20, 2022<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script>A Dec. 17 scam where 14 Bored Apes were stolen is an example of an elaborate ice phishing scam. An investor was convinced to sign a transaction request disguised as a film contract, which ultimately enabled the scammer to sell all of the user&#8217;s apes to themselves for a negligible amount.<\/p>\n<p>The firm noted that this type of scam was a \u201cconsiderable threat\u201d found only in the Web3 world, as investors are often required to sign permissions to decentralized finance (DeFi) protocols they interact with, which could be easily faked.<\/p>\n<blockquote><p>\u201cThe hacker just needs to make a user believe that the malicious address that they are granting <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/download-scripts-themes-apps\/\" data-internallinksmanager029f6b8e52c=\"9\" title=\"Download Scripts &amp; Themes &amp; Apps\" target=\"_blank\" rel=\"noopener\">app<\/a>roval to is legitimate. Once a user has approved permissions for the scammer to spend tokens, then the assets are at risk of being drained.\u201d<\/p><\/blockquote>\n<p>Once a scammer has gained approval, they are able to transfer assets to an address of their choosing. <\/p>\n<figure><img decoding=\"async\" src=\"https:\/\/s3.cointelegraph.com\/uploads\/2022-12\/abc975c3-41d3-4e45-8db3-595bc3d75f17.png\"><figcaption style=\"text-align: center;\"><em>An example of how an ice phishing attack works on Etherscan. Source: Certik<\/em><\/figcaption><\/figure>\n<p>To protect themselves from ice phishing, CertiK recommended that investors revoke permissions for addresses they don\u2019t recognize on blockchain explorer sites such as Etherscan, using a token approval tool.<\/p>\n<p><strong>Related: <\/strong><strong><em>$4B OneCoin scam co-founder pleads guilty, faces 60 years jail<\/em><\/strong><\/p>\n<p>Additionally, addresses that users are planning to interact with should be looked up on these blockchain explorers for suspicious activity. In its analysis, CertiK points to an address that was funded by Tornado Cash withdrawals as an example of suspicious activity. <\/p>\n<p>CertiK also suggested that users should only interact with official sites they are able to verify, and to be particularly wary of <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/social-mediaa\/\" data-internallinksmanager029f6b8e52c=\"1\" title=\"Social Media\" target=\"_blank\" rel=\"noopener\">social media<\/a> sites like Twitter, highlighting a fake Optimism Twitter account as an example.<\/p>\n<figure><img decoding=\"async\" src=\"https:\/\/s3.cointelegraph.com\/uploads\/2022-12\/19a59e5a-0521-4178-8161-e7e2333b4ce7.png\"><figcaption style=\"text-align: center;\"><em>Fake Optimism Twitter account. Source: Certik<\/em><\/figcaption><\/figure>\n<p>The firm also advised users to take a couple of minutes to check a trusted site such as CoinMarketCap or Coingecko, users would have been able to see that the linked URL was not a legitimate site and should be avoided. <\/p>\n<p>Tech giant Microsoft was the first one to highlight this practice in a Feb. 16 blog <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/02\/16\/ice-phishing-on-the-blockchain\/\">post<\/a>, saying at the time that while credential phishing is very predominant in the Web2 world, ice phishing gives individual scammers the ability to steal a chunk of the crypto industry while maintaining \u201calmost complete anonymity.\u201d <\/p>\n<p>They recommended that Web3 projects and wallet providers increase the security of their services on the software level in order to prevent the burden of avoiding ice phishing attacks being placed solely on the end-user.<\/p>\n<p><template data-name=\"subscription_form\" data-type=\"markets_outlook\"><\/template><\/div>\n<blockquote><p><strong><span style=\"color: #ff6600;\">If you liked the article, do not forget to share it with your friends. Follow us on\u00a0<span style=\"color: #ff0000;\"><a style=\"color: #ff0000;\" href=\"https:\/\/news.google.com\/publications\/CAAqBwgKMLG0nwswvr63Aw\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Google News<\/a><\/span>\u00a0too, click on the star and choose us from your favorites.<\/span><\/strong><\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\">For forums sites go to <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/forum.buradabiliyorum.com\/\" target=\"_blank\" rel=\"noopener\">Forum.BuradaBiliyorum.Com<\/a><\/span><\/strong>\n<\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\"><strong>If you want to read more <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/news\/\" data-internallinksmanager029f6b8e52c=\"2\" title=\"News\" target=\"_blank\" rel=\"noopener\">News<\/a> articles, you can visit our <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/en.buradabiliyorum.com\/general\/\" target=\"_blank\" rel=\"noopener\">General category.<\/a><\/span><\/strong><\/p>\n<\/blockquote>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/cointelegraph.com\/news\/how-to-avoid-getting-hooked-by-crypto-ice-phishing-scammers-certik\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8221; How to avoid getting hooked by crypto \u2018ice phishing\u2019 scammers \u2014 CertiK &#8220; Blockchain security company CertiK has reminded the crypto community to stay alert over \u201cice phishing\u201d scams \u2014 a unique type of phishing scam targeting Web3 users \u2014 first identified by Microsoft earlier this year.\u00a0 In a Dec. 20 analysis report, CertiK&#8230;<\/p>\n","protected":false},"author":1,"featured_media":529829,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/images.cointelegraph.com\/cdn-cgi\/image\/format=auto,onerror=redirect,quality=90,width=1200\/https:\/\/s3.cointelegraph.com\/uploads\/2022-12\/970ff857-e994-48c7-9da1-7e0c1d21ab24.jpg","fifu_image_alt":"","footnotes":""},"categories":[1],"tags":[79806,74894,74891,93542,70944,70286,75134,71101,72287,10401],"class_list":["post-529828","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-analysis","tag-blockchain","tag-ethereum","tag-web3","tag-hackers","tag-microsoft","tag-phishing","tag-scams","tag-security","tag-twitter"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/529828","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=529828"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/529828\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/529829"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=529828"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=529828"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=529828"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}