Fun

The 2 Most Common Airdrop Phishing Attacks and How Web3 Wallet Owners Can Stay Protected

News Feed - 2022-06-19 05:06:40

The 2 Most Common Airdrop Phishing Attacks and How Web3 Wallet Owners Can Stay Protected


In the world of cryptocurrencies, decentralized finance (defi), and Web3, airdrops have become commonplace in the industry. However, while airdrops sound like free money, there’s been a growing trend of airdrop phishing scams that steal people’s money when they attempt to get the so-called ‘free’ crypto assets. The following is a look at two different ways attackers use airdrop phishing scams to steal funds and how you can protect yourself. Airdrops Don’t Always Mean ‘Free Crypto’ — Many Airdrop Giveaway Promotions Are Looking to Rob You


Airdrops have been synonymous with free crypto funds, so much so that a rising crypto scam called airdrop phishing has become prevalent. If you are a participant in the crypto community and use social media platforms like Twitter or Facebook, you’ve probably seen a number of spam posts advertising airdrops of all kinds.


Usually, a popular Twitter crypto account makes a tweet and it is followed by a slew of scammers advertising airdrop phishing attempts and plenty of accounts saying that they have received free money. Most people won’t fall for these airdrop scams but because airdrops are considered free crypto, there’s been a bunch of people who have lost funds by falling victim to these types of attacks.


The first attack uses the same advertising method on social media, as a number of people or bots shill a link that leads to the airdrop phishing scams web page. The suspicious website may look very legitimate and even copy some of the elements from popular Web3 projects, but in the end, the scammers are looking to steal funds. The free airdrop scam could be an unknown crypto token, or it could also be a popular existing digital asset like BTC, ETH, SHIB, DOGE, and more.


The first attack usually shows that the airdrop is receivable but the person must use a compatible Web3 wallet to retrieve the so-called ‘free’ funds. The website will lead to a page that shows all the popular Web3 wallets like Metamask and others, but this time, when clicking on the wallet’s link an error will pop up and the site will ask the user for the seed phrase. To get support, open MetaMask and navigate to “Support” or “Get Help” within the dropdown menu. Do not trust anyone who has sent you a direct message. UNDER NO CIRCUMSTANCES should you ever give your Secret Recovery Phrase to anyone or input it into any site!


— MetaMask Support (@MetaMaskSupport) April 29, 2022



This is where things get shady because a Web3 wallet will never ask for the seed or 12-24 mnemonic phrase unless the user is actively restoring a wallet. However, unsuspecting airdrop phishing scam users may think the error is legitimate and enter their seed into the web page which eventually leads to the loss of all the funds stored in the wallet.


Basically, the user just gave the private keys to the attackers by falling for the Web3 wallet error page asking for a mnemonic phrase. A person should never enter their seed or 12-24 mnemonic phrase if prompted by an unknown source, and unless there’s a need to restore a wallet, there’s really never a need to enter a seed phrase online. Giving a Shady Dapp Permissions Is Not the Best Idea


The second attack is a bit more tricky, and the attacker uses the technicalities of code to rob the Web3 wallet user. Similarly, the airdrop phishing scam will be advertised on social media but this time when the person visits the web portal, they can use their Web3 wallet to “connect” to the site.


However, the attacker has written the code in a way that makes it so that instead of giving the site read access to balances, the user is ultimately giving the site full permission to steal the funds in the Web3 wallet. This can happen by simply connecting a Web3 wallet to a scam site and giving it permissions. The attack can be avoided by simply not connecting to the site and walking away, but there are lots of people who have fallen for this phishing attack. Here’s the latest phishing scam


1️⃣ Airdrop a token

2️⃣ Build a website with same name so it’s easily found

3️⃣ When you find what appears to be staking for this token, the Approve txn gives unlimited spending of other tokens (ie SNX)


Then they drain your wallet of the token. pic.twitter.com/vICIeC5rGk


— DeFi Dad ⟠ defidad.eth (@DeFi_Dad) December 20, 2021



Another way to secure a wallet is by making sure the wallet’s Web3 permissions are connected to sites the user trusts. If there are any decentralized applications (dapps) that seem shady, users should remove permissions if they accidentally connected to the dapp by falling for the ‘free’ crypto scam. However, usually, it is too late, and once the dapp has permission to access the wallet’s funds, the crypto is stolen from the user via the malicious coding applied to the dapp.


The best way to protect yourself from the two attacks mentioned above is to never enter your seed phrase online unless you are purposely restoring a wallet. Alongside this, it is also good form to never connect or give Web3 wallet permissions to shady Web3 websites and dapps you are unfamiliar with using. These two attacks can cause major losses to unsuspecting investors if they are not careful of the current airdrop phishing trend. Tags in this story 2 common attacks, 2 major attacks, Airdrop, airdrop phishing, airdrop scam, attackers, connecting wallets, decentralized finance, DeFi, Hackers, malicious code, metamask, mnemonic phrase, permissions, Phishing, restoring a wallet, scammers, Scams, Seed Phrase, Wallet Connect, Wallets, Web3, Web3 wallet, Web3 Wallet Attacks


Do you know anyone who has fallen victim to this type of phishing scam? How do you spot crypto phishing attempts? Let us know your thoughts in the comments. Jamie Redman


Jamie Redman is the News Lead at Bitcoin.com News and a financial tech journalist living in Florida. Redman has been an active member of the cryptocurrency community since 2011. He has a passion for Bitcoin, open-source code, and decentralized applications. Since September 2015, Redman has written more than 5,000 articles for Bitcoin.com News about the disruptive protocols emerging today. Organizer of Binance-Sponsored Crypto Tour Says Campaign Was Successful FEATURED | 1 day ago Rock Legend Gene Simmons Owns 14 Cryptocurrencies — "I Have Not Sold a Single Position Since the Downturn" FEATURED | 2 days ago


Image Credits: Shutterstock, Pixabay, Wiki Commons Previous articleBitriver to Mine Crypto Using Excess Gas From Gazprom Neft’s Oil Extraction Next articleBlackrock’s CIO: Bitcoin and Crypto Are Durable Assets — Prices Will Move Higher Disclaimer: This article is for informational purposes only. It is not a direct offer or solicitation of an offer to buy or sell, or a recommendation or endorsement of any products, services, or companies. Bitcoin.com does not provide investment, tax, legal, or accounting advice. Neither the company nor the author is responsible, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with the use of or reliance on any content, goods or services mentioned in this article. Read disclaimerShow comments More Popular NewsIn Case You Missed ItTony Hawk"s Latest NFTs to Come With Signed Physical Skateboards


Last December, the renowned professional skateboarder Tony Hawk released his “Last Trick” non-fungible token (NFT) collection via the NFT marketplace Autograph. Next week, Hawk will be auctioning the skateboards he used during his last tricks, and each of the NFTs ... read more.Fidelity Investments Launches Crypto, Metaverse ETFs — Says "We Continue to See Demand" Argentinian Securities Regulator Launches Innovation Hub to Discuss Regulated Crypto Investments Australia to List Bitcoin ETF After 4 Clearinghouse Participants Commit to Meet Stringent Margin Terms Survey: Adoption in Argentina Grows, With 12 out of 100 Adults Having Invested in Crypto

News Feed

Bitcoin Price Surge: Nears $100,000 Mark Post Breakthrough Of 10-Week High
Reason to trust Strict editorial policy that focuses on accuracy, relevance, and impartiality Created by industry experts and meticulously reviewed The highest standards in reporting and pu
Amaka Nwaokocha13 hours agoUS judge rules in favor of human ingenuity, denies copyright for AI artThis ruling shifts the conversation on AI and copyright, underscoring the significance of human creativity in intellectual
Kleiman Estate Asks Judge to Overrule Craig Wright’s Objections
Kleiman Estate Asks Judge to Overrule Craig Wright"s Objections On December 16, new court filings from the Kleiman v. Wright case show the plaintiffs have responded to Wright&rsq
Price analysis 6/28: BTC, ETH, BNB, SOL, XRP, DOGE, TON, ADA, AVAX, SHIB
Rakesh Upadhyay4 hours agoPrice analysis 6/28: BTC, ETH, BNB, SOL, XRP, DOGE, TON, ADA, AVAX, SHIBAltcoins see another week of rocky trading, while traders are viewing Bitcoin price dips as a buying opportunity, as seen
Crypto products shed $528M amid recession fears — CoinShares
Helen Partz12 hours agoCrypto products shed $528M amid recession fears — CoinSharesAs Bitcoin dropped below $50,000, analysts expect more outflows that would potentially drive prices down to $42,000.10893 Total views11
Solana Eyes $200 Target As It Gains Momentum – Recovery Could Mirror 3-Month Downtrend
Reason to trust Strict editorial policy that focuses on accuracy, relevance, and impartiality Created by industry experts and meticulously reviewed The highest standards in reporting and pu
Bitcoin Will Be Accepted for Tax Payments in Swiss Canton Zug Next Year
Bitcoin Will Be Accepted for Tax Payments in Swiss Canton Zug Next YearBitcoin and ether can be used to pay taxes in the Swiss Canton of Zug starting next tax season. Zug’s cr
Nobel Laureate Ben Bernanke Blasts Cryptocurrencies, Says Tokens ‘Have Not Been Shown to Have Any Economic Value at All’
Nobel Laureate Ben Bernanke Blasts Cryptocurrencies, Says Tokens "Have Not Been Shown to Have Any Economic Value at All" Ben Bernanke, former chairman of the Federal Reserve and al
Turner Wright4 hours agoBlockchain Association responds to US lawmakers’ request for crypto tax guidanceLawmakers with the U.S. Senate Financial Services Committee announced in July they would be accepting suggestions
Amaka Nwaokocha12 hours agoNigeria and UK foundation launch Code Clubs for digital literacyNigeria’s communication ministry said the Code Clubs will introduce young participants to coding and digital technology and enc
Uniswap Rally Loading—Here’s Why The Next Move Could Be Explosive
Reason to trust Strict editorial policy that focuses on accuracy, relevance, and impartiality Created by industry experts and meticulously reviewed The highest standards in reporting and pu
Ana Paula Pereira16 hours agoAlibaba, silver, gold, Bitcoin, Ethereum: Mike Novogratz’s ideal portfolioDuring a recent interview with Bloomberg Wealth, Novogratz touched on topics ranging from investing to Ripple’s c