Fun

News Feed - 2023-09-08 05:09:00

Ezra Reguerra19 minutes agoSecurity platforms warn about hidden phishing and wallet drainer linksCybersecurity professional Christian Seifert gave an example on how Discord"s measure against malicious links can be abused by scammers.72 Total viewsListen to article 0:00Follow upJoin us on social networksWith millions of dollars worth of assets being lost to phishing attacks after signing malicious permissions, the threat of losing crypto assets from questionable links is very real. When these are paired with platforms allowing hidden links, users are subjected to a different kind of risk. 


On Sept. 4, Web3 security provider Pocket Universe shared how scammers are able to hide wallet drainer links on any text on the instant messaging platform Discord. While some users report that the feature has only been enabled for Discord users recently, the ability to embed links on any text has been available on many different social platforms for a while now.Scammers can now hide links in any discord text ☠️

Watch out for hidden wallet drainer links

e.g. pic.twitter.com/mgqG18sOF9— Pocket Universe (@PocketUniverseZ) September 4, 2023


Cointelegraph reached out to several cybersecurity professionals to learn more about how users can protect themselves from such attempts and how platforms can improve their security so that users are not subjected to such attacks. 


Christian Seifert, who works as a Researcher in Residence at Web3 security firm Forta Network, said that this type of attack has been the bread and butter of hackers since the internet was created. He explained that:“Whatever a platform creates, there will be a hacker ready to find a way to hack it. Hyperlinks with text are a feature supported as part of HTML and have been a source for phishing attacks since the early days of the internet.”


According to Seifert, security requires an in-depth defense approach. “Both platforms and users need to work towards protecting themselves,” he said. From the user’s side, the security professional highlighted that there are plugins that they can use to protect themselves from such scams.


When it comes to Discord, Seifert pointed out that the platform does provide information on the true destination of the URL after the user clicks on it. However, the platform also allows users to “trust” a domain going forward. This can be abused by scammers according to Seifert. He explained:“Imagine a domain like foo.bar which the user trusted. A scammer can craft a potentially malicious link that performs some action on this domain, such as an oauth request to the scammer, like foo.bar/oauth/scammer-account.”


The cybersecurity professional said that an issue with the platform’s current implementation is that links and text can be deceptive and misaligned with users’ expectations. “If a text link clearly resembles a domain or URL and it is mismatched to the true destination URL, Discord should disallow such links,” he added.


Related:Exploits, hacks and scams stole almost $1B in 2023: Report


Meanwhile, Hugh Brooks, the director of security operations at the blockchain security firm CertiK, echoed some of Seifert’s sentiments. According to Brooks, users and platforms have a collective responsibility to watch out for malicious actors. He explained that it’s essential for platforms to continually review and refine their security features and for users to stay vigilant and educated.


For users, Brooks said that they should be proactive and cautious when it comes to links, especially when being asked for signatures and permissions. The executive urged users to verify the authenticity of the site address before giving it access to crypto wallets. Brooks shared:“A good practice is to cross-check web addresses with recognized phishing warning lists. PhishTank, Google Safe Browsing, and OpenPhish are valuable resources here, along with browser extensions like HTTPS Everywhere and ad blockers like uBlock.”


Brooks explained that these tools can alert users in real time whenever they are about to visit known phishing or malicious websites. “Furthermore, by simply hovering over a URL link, the actual web address will be displayed, allowing users to confirm its legitimacy before engaging further,” he added.


On the platform’s side, the cybersecurity professional said that there are measures that can be implemented such as being able to only receive messages from trusted contacts. Brooks said that a good example of this is Meta’s “Facebook Protect,” which lets users have heightened security features for their accounts.


“As the saying goes, the only constant is change. Platforms owe it to their users and to their continued relevance to make security a priority. This involves not only updating security measures but also fostering a culture of vigilance and awareness among users,” he added.


Magazine:Should crypto projects ever negotiate with hackers? Probably# Blockchain# Security# Hackers# Cybersecurity# HacksAdd reactionAdd reactionRead moreWhat is profit and loss (PnL) and how to calculate itIf Worldcoin can improve the world, why not give it a chance?ChatGPT-coded smart contracts may be flawed, could ‘fail miserably’ when attacked: CertiK

News Feed

Bitcoin’s Mining Difficulty Shrinks for the First Time in 4 Weeks
Bitcoin"s Mining Difficulty Shrinks for the First Time in 4 Weeks Bitcoin miners caught a small break late Sunday evening (ET) after the network’s mining difficulty dropped
Ethereum price data casts doubt on the strength of ETH’s support at $3K
Marcel Pechman7 hours agoEthereum price data casts doubt on the strength of ETH’s support at $3KETH derivatives data shows pro traders’ appetite for risk declining, placing pressure on the $3,000 support level.3949 T
Billionaire Hedge Fund Manager Ray Dalio Still Concerned Government Could Outlaw Cryptocurrency
Billionaire Hedge Fund Manager Ray Dalio Still Concerned Government Could Outlaw Cryptocurrency The founder of the world’s largest hedge fund, Bridgewater
Bitcoin miner Marathon Digital to join S&P SmallCap 600, shares jump 18%
Brayden Lindrea8 hours agoBitcoin miner Marathon Digital to join S&P SmallCap 600, shares jump 18%Marathon Digital will officially be added to the index fund on May 8.3564 Total views6 Total sharesListen to article 0
Cointelegraph Research11 hours agoBitcoin price shrugs off bears, but mining stocks take a beating: ReportThe crypto mining sector is becoming increasingly competitive, with hash rate showing no sign of slowing down, and
Bitcoin Price Slides 2% After Deribit, Coinbase Flash Crash
Update (Nov. 1, 15:03 UTC): Deribit will reimburse over $1.3 million in losses from the BTC index calculation data issue witnessed at 21:00:00 UTC on October 31, 2019. Another fla
$2 Billion Cryptocurrency Hedge Fund Industry Set to ‘Grow Significantly’
$2 Billion Cryptocurrency Hedge Fund Industry Set to "Grow Significantly"Cryptocurrency hedge funds’ assets under management have been increasing significantly, rising to more
Bitcoin Price Almost Hits $98,000: Key Reasons Behind The Rally
Este artículo también está disponible en español. Bitcoin has reached a new all-time high, surging to $97,852 on Binance. The cryptocurrency is up 5% in the last 24 hours
Stablecoin Economy Growth Stagnates for 73 Days, USDC Market Cap Slides 5% Lower
Stablecoin Economy Growth Stagnates for 73 Days, USDC Market Cap Slides 5% Lower Since the Terra stablecoin fiasco in May, the top stablecoins by market capitalization dropped 10.6
On-Chain Metrics Reveal The Most Critical Resistance For Bitcoin – Can BTC Break $97.5K?
Este artículo también está disponible en español. Bitcoin continues to trade within a tight range, holding above the $94K level while struggling to break past the $100K m
’30for30′ Bitcoin Solidarity With El Salvador Trend Tries to Convince People to Buy $30 in BTC Tomorrow
"30for30" Bitcoin Solidarity With El Salvador Trend Tries to Convince People to Buy $30 in BTC Tomorrow It’s a big day for El Salvador this Tuesday, as the country’s
Veteran Analyst Predicts Bitcoin Surge To $150K — Here’s The Timeline
Reason to trust Strict editorial policy that focuses on accuracy, relevance, and impartiality Created by industry experts and meticulously reviewed The highest standards in reporting and pu