3 min Devops

Microsoft provides defense against the “ice phishing” on the blockchain

Microsoft provides defense against the “ice phishing” on the blockchain

As the adoption of Web3 and blockchain technologies rise, Microsoft warns the De-Fi network (world of finance) about a new cyber threat: ‘Ice Phishing.’

The rapid progress in decentralized technologies, smart contracts, blockchain, DeFi, metaverse, and Web3 has sparked a fire in the cryptographic systems leading to a drastic change in how users understand, interact, and experience online connectivity today.

However, with every advancement in technology comes several cyber threats and attacks – and Web3 is no exception. The most common cyber threats include ice phishing and mass spam that attack email and social media platforms for vulnerability exploitation.

Research conducted by the Microsoft 365 Defender Team on the 16th of February revealed that ice phishing had made its way into the blockchain, smart contracts, Web3, and custodial wallets. The research team identified attacks like the common phishing threats on Web2, while some are unique to Web3. They emphasized the importance of this:

“Reaffirming the durability of these cyber threats as well as the need for security fundamentals to be built into related future systems and frameworks seems to be necessary.”

Microsoft’s cyber security researchers further said that the ice phishing attacks on the blockchain and Web3 might take various forms.

Ice phishing endangers the digital assets

Web3 is a decentralized platform made on cryptographic security. Funds other than the Cast Dial are held in an encryption-protected wallet secured by a key known only to the user. So, how do ice phishing attacks manage to breach such a secure foundation?

The ice phishing technique doesn’t steal the user’s secure key. Instead, it tricks the user into agreeing to a transaction that allows the user’s approval to the attacker. It tricks the user into giving access to the private wallet that contains digital assets.

While the email phishing attempts aren’t that common, social media scams are widespread. For instance, a scam artist may seem like someone from the support team to send a direct message to the user asking for help from a cryptocurrency service by asking for a key.

Another advanced phishing trick is launching fake airdrops for free tokens across social media sites. When users try to access these assets, they’re automatically directed to a harmful domain that either tries to steal the credentials or executes a crypto-jacking on the victim’s device.

Ice phishing is a crucial cyber threat that completely ignores the private cryptographic key and tricks the user by signing a fake detrimental transaction to get the key.

As blockchain technology advances, it’s essential to examine this emerging technology to improve the security and information of digital assets.