{"id":538231,"date":"2023-01-10T08:42:51","date_gmt":"2023-01-10T05:42:51","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/5-sneaky-tricks-crypto-phishing-scammers-used-last-year-slowmist\/"},"modified":"2023-01-10T08:42:51","modified_gmt":"2023-01-10T05:42:51","slug":"5-sneaky-tricks-crypto-phishing-scammers-used-last-year-slowmist","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/5-sneaky-tricks-crypto-phishing-scammers-used-last-year-slowmist\/","title":{"rendered":"# 5 sneaky tricks crypto phishing scammers used last year: SlowMist"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_85 counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<label for=\"ez-toc-cssicon-toggle-item-6a3385a87624e\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #dd3333;color:#dd3333\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #dd3333;color:#dd3333\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\"  id=\"ez-toc-cssicon-toggle-item-6a3385a87624e\" checked aria-label=\"Toggle\" \/><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-1'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/buradabiliyorum.com\/en\/5-sneaky-tricks-crypto-phishing-scammers-used-last-year-slowmist\/#%E2%80%9D_5_sneaky_tricks_crypto_phishing_scammers_used_last_year_SlowMist_%E2%80%9C\" >&#8221; 5 sneaky tricks crypto phishing scammers used last year: SlowMist &#8220;<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/buradabiliyorum.com\/en\/5-sneaky-tricks-crypto-phishing-scammers-used-last-year-slowmist\/#Malicious_browser_bookmarks\" >Malicious browser bookmarks<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/buradabiliyorum.com\/en\/5-sneaky-tricks-crypto-phishing-scammers-used-last-year-slowmist\/#%E2%80%98Zero_dollar_purchase_NFT_phishing\" >\u2018Zero dollar purchase\u2019 NFT phishing<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/buradabiliyorum.com\/en\/5-sneaky-tricks-crypto-phishing-scammers-used-last-year-slowmist\/#Trojan_horse_currency_theft\" >Trojan horse currency theft<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/buradabiliyorum.com\/en\/5-sneaky-tricks-crypto-phishing-scammers-used-last-year-slowmist\/#%E2%80%98Blank_Check_eth_sign_phishing\" >\u2018Blank Check\u2019 eth_sign phishing<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/buradabiliyorum.com\/en\/5-sneaky-tricks-crypto-phishing-scammers-used-last-year-slowmist\/#Same_ending_number_transfer_scam\" >Same ending number transfer scam<\/a><\/li><\/ul><\/li><\/ul><\/li><\/ul><\/nav><\/div>\n<h1><span class=\"ez-toc-section\" id=\"%E2%80%9D_5_sneaky_tricks_crypto_phishing_scammers_used_last_year_SlowMist_%E2%80%9C\"><\/span>&#8221; 5 sneaky tricks crypto phishing scammers used last year: SlowMist &#8220;<span class=\"ez-toc-section-end\"><\/span><\/h1>\n<div class=\"post-content\" data-v-6ed77c39>Blockchain security firm SlowMist has highlighted five common phishing techniques crypto scammers used on victims in 2022, including malicious browser bookmarks, phony sales orders and trojan malware spread on messaging <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/download-scripts-themes-apps\/\" data-internallinksmanager029f6b8e52c=\"9\" title=\"Download Scripts &amp; Themes &amp; Apps\" target=\"_blank\" rel=\"noopener\">app<\/a> Discord.<\/p>\n<p>It comes after the security firm recorded a total of 303 blockchain security incidents in the year, with 31.6% of these incidents caused by phishing, rug pull or other scams, according to a Jan. 9 SlowMist blockchain security <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.slowmist.com\/report\/2022-Blockchain-Security-and-AML-Analysis-Annual-Report(EN).pdf\">report<\/a>.<\/p>\n<figure><img decoding=\"async\" src=\"https:\/\/s3.cointelegraph.com\/uploads\/2023-01\/9f26dbc8-f0a2-436d-9094-197f573c0101.PNG\"><figcaption style=\"text-align: center;\"><em>A pie chart of attack methods in 2022 in percentages Source: SlowMist<\/em><\/figcaption><\/figure>\n<h3><span class=\"ez-toc-section\" id=\"Malicious_browser_bookmarks\"><\/span>Malicious browser bookmarks<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>One of the phishing strategies makes use of bookmark managers, a feature in most modern browsers. <\/p>\n<p>SlowMist said scammers have been exploiting these to ultimately gain access to a project owner\u2019s Discord account.<\/p>\n<p>&#8220;By inserting JavaScript code into bookmarks through these phishing pages, attackers can potentially gain access to a Discord user&#8217;s information and take over the permissions of a project owner&#8217;s account,\u201d the firm wrote. <\/p>\n<p>After guiding victims to add the malicious bookmark through a phishing page, the scammer waits until the victim clicks on the bookmark while logged into Discord, which triggers the implanted JavaScript code and sends the victim&#8217;s personal information to the scammer&#8217;s Discord channel.\u00a0<\/p>\n<p>During this process, the scammer can steal a victim&#8217;s Discord Token (encryption of a Discord username and password) and thus gain access to their account, which allows them to post fake messages and links to more phishing scams posing as the victim.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"%E2%80%98Zero_dollar_purchase_NFT_phishing\"><\/span>\u2018Zero dollar purchase\u2019 NFT phishing<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Out of 56 major NFT security breaches, 22 of those were the result of phishing attacks, added SlowMis<\/p>\n<p>One of the more popular methods used by scammers would trick their victims into signing over NFTs for practically nothing through a phony sales order.<\/p>\n<p>Once the victim signs the order, the scammer can then purchase the user&#8217;s NFTs through a marketplace at a price determined by them. <\/p>\n<figure><img decoding=\"async\" src=\"https:\/\/s3.cointelegraph.com\/uploads\/2023-01\/f6c64bfe-0acc-4e22-9e19-3dd3d32ae01a.png\" alt=\"\" title=\"\"><figcaption style=\"text-align: center;\"><strong>Cast your vote now!<\/strong><\/figcaption><\/figure>\n<p>&#8220;Unfortunately, it&#8217;s not possible to deauthorize a stolen signature through sites like Revoke,&#8221; the report wrote.<\/p>\n<p>&#8220;However, you can deauthorize any previous pending orders that you had set up, which can help mitigate the risk of phishing attacks and prevent the attacker from using your signature.&#8221; <\/p>\n<h3><span class=\"ez-toc-section\" id=\"Trojan_horse_currency_theft\"><\/span>Trojan horse currency theft<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>According to SlowMist, this type of attack usually occurs through private messages on Discord where the attacker invites victims to participate in testing a new project, then sends a program in the form of a compressed file that contains an executable file of about 800 MB.<\/p>\n<p>After downloading the program, it will scan for files containing key phrases like &#8220;wallet&#8221; and upload them to the attacker&#8217;s server.<\/p>\n<p>&#8220;The latest version of RedLine Stealer also has the ability to steal cryptocurrency, scanning for installed digital currency wallet information on the local computer and uploading it to a remote control machine,\u201d said SlowMist.<\/p>\n<p>\u201cIn addition to stealing cryptocurrency, RedLine Stealer can also upload and download files, execute commands, and send back periodic information about the infected computer.&#8221;<\/p>\n<figure><img decoding=\"async\" src=\"https:\/\/s3.cointelegraph.com\/uploads\/2023-01\/83273596-d803-4283-8d09-67b807cdc5fc.JPG\"><figcaption style=\"text-align: center;\"><em>An example of the\u00a0RedLine Stealer in action. Source: SlowMist<\/em><\/figcaption><\/figure>\n<h3><span class=\"ez-toc-section\" id=\"%E2%80%98Blank_Check_eth_sign_phishing\"><\/span>\u2018Blank Check\u2019 eth_sign phishing<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>This phishing attack allows scammers to use your private key to sign any transaction they choose. After connecting your wallet to a scam site, a signature application box may pop up with a red warning from MetaMask.<\/p>\n<p>After signing, attackers gain access to your signature, allowing them to can construct any data and ask you to sign it through eth_sign.<\/p>\n<p>\u201cThis type of phishing can be very confusing, especially when it comes to authorization,&#8221; said the firm.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Same_ending_number_transfer_scam\"><\/span>Same ending number transfer scam<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>For this scam, attackers airdrop small amounts of tokens, such as .01 USDT or 0.001 USDT to victims often with a similar address, except for the last few digits in the hopes of tricking users into accidentally copying the wrong address in their transfer history.<\/p>\n<figure><img decoding=\"async\" src=\"https:\/\/s3.cointelegraph.com\/uploads\/2023-01\/952aa397-604d-496c-a9a9-1388df7d7d89.JPG\"><figcaption style=\"text-align: center;\"><em>An example of a same end number phishing attempt. Source: SlowMist<\/em><\/figcaption><\/figure>\n<p>The rest of the 2022 report covered other blockchain security incidents in the year, including contract vulnerabilities and private key leakage.<\/p>\n<p><strong><em>Related: <\/em><\/strong><strong><em>DeFi-type projects received the highest number of attacks in 2022: Report<\/em><\/strong><\/p>\n<p>There were roughly 92 attacks using contract vulnerabilities in the year, totaling nearly $1.1 billion in losses because of flaws in smart contract design and hacked programs.<\/p>\n<p>Private key theft on the other hand accounted for roughly 6.6% of attacks and saw at least $762 million in losses, the most prominent examples being the Ronin bridge and Harmony\u2019s Horizon Bridge hacks. <\/p>\n<p><template data-name=\"subscription_form\" data-type=\"defi_newsletter\"><\/template><\/div>\n<blockquote><p><strong><span style=\"color: #ff6600;\">If you liked the article, do not forget to share it with your friends. Follow us on\u00a0<span style=\"color: #ff0000;\"><a style=\"color: #ff0000;\" href=\"https:\/\/news.google.com\/publications\/CAAqBwgKMLG0nwswvr63Aw\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Google News<\/a><\/span>\u00a0too, click on the star and choose us from your favorites.<\/span><\/strong><\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\">For forums sites go to <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/forum.buradabiliyorum.com\/\" target=\"_blank\" rel=\"noopener\">Forum.BuradaBiliyorum.Com<\/a><\/span><\/strong>\n<\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\"><strong>If you want to read more <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/news\/\" data-internallinksmanager029f6b8e52c=\"2\" title=\"News\" target=\"_blank\" rel=\"noopener\">News<\/a> articles, you can visit our <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/en.buradabiliyorum.com\/general\/\" target=\"_blank\" rel=\"noopener\">General category.<\/a><\/span><\/strong><\/p>\n<\/blockquote>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/cointelegraph.com\/news\/5-sneaky-tricks-crypto-phishing-scammers-used-last-year-slowmist\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8221; 5 sneaky tricks crypto phishing scammers used last year: SlowMist &#8220; Blockchain security firm SlowMist has highlighted five common phishing techniques crypto scammers used on victims in 2022, including malicious browser bookmarks, phony sales orders and trojan malware spread on messaging app Discord. It comes after the security firm recorded a total of 303&#8230;<\/p>\n","protected":false},"author":1,"featured_media":538232,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/images.cointelegraph.com\/cdn-cgi\/image\/format=auto,onerror=redirect,quality=90,width=1200\/https:\/\/s3.cointelegraph.com\/uploads\/2023-01\/3d86b63d-a174-4f01-bd24-4a4eaed66f16.jpg","fifu_image_alt":"","footnotes":""},"categories":[1],"tags":[74894,74863,74882,95118,117,70375,70944,75134,71101,72287],"class_list":["post-538231","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-blockchain","tag-cryptocurrencies","tag-hacks","tag-nft","tag-business","tag-cybersecurity","tag-hackers","tag-phishing","tag-scams","tag-security"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/538231","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=538231"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/538231\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/538232"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=538231"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=538231"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=538231"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}