The report made by one of the most known and respected crypto security companies, the SlowMist, claims that in over 300 crypto security incidents over the year, 31% of them happened by rug pulls, phishing, or some other scam.
The SlowMist, the company that built its authority by helping some of the most significant crypto projects in the world, such as Huobi, Binance, Crypto.com, PancakeSwap, TUSD, Alpaca Finance, etc in building safe and secure platforms, claims that all these scams could be prevented with a little bit security education. They picked several most common ways thieves achieved their goals in 2022.
The SlowMist claims that one of the ways thieves used is a similar address airdrop. They send a small number of coins to the victim’s addresses, aiming to match your address with their own as close as possible, with several last digits matching fully. This is meant to confuse the target to copy this scam address from their transaction history and use it for future transactions.
Thieves used browser bookmarks in another scam to access the target’s Discord account. Scammers used fishing pages to insert their script into the browser bookmark, which allows them to take over the Discord account and all permissions it provides. Once they gain access to a person’s account, they can use it to send private messages with links to more advanced frauds.
In case this Discort scheme succeeded, they can move to the next level and send the invitation to participate in testing a new crypto project or telling some other story to make victims download the dedicated software commonly known as Trojan Horse that can sniff around their PC and send them interesting data. Some of these apps are able to find crypto wallets, passphrases, login information, and whatever these thieves are targeting to make it work.
The next one is a so-called “Zero $ purchase” crypto scam. In this scam victims are cheated to sign over NFTs practically for no value at all via fraud sales order, which gives power to scammers to determine a selling value for the remaining NFTs owned by the victim. SlowMist made it clear that false signatures are unable to be revoked and the victim can only deauthorize previously set orders to mitigate the exposure and prevent the attacker from using their signature.
The last one I will mention here is a phishing attack known as “eth-sign phishing”. This attack allows them to use your private key and sign transactions as they want. Once you connect your wallet to a fake site, the signature box pops up with a warning from MetaMask, and after you sign it through eth_sign, they got the authority over your assets. This is one of the most common ways that people lost their funds last year.
Of course, there are many more ways to lose your assets in the crypto world, but here I mentioned only a few most common. Most of the stolen funds were actually connected to centralized exchanges being hacked or smart contracts being exploited, but these are out of our reach and we can only hope that their teams will prevent this from happening, but the protection from frauds I described is just our responsibility. If you want to learn how to store your crypto safely, read this article we prepared for you.