Microsoft alerts about threats on Web3 and Decentralized Networks

Microsoft has warned of emerging threats in the Web3 landscape, including “ice phishing” campaigns.

The company's Microsoft 365 Defender Research Team called out various new avenues through which malicious actors may attempt to trick cryptocurrency users into giving up their private cryptographic keys and carry out unauthorized fund transfers.

The theft of the keys could be carried out in several ways, including impersonating wallet software, deploying malware on victims' devices, typo squatting legitimate smart contract front ends, and minting rogue digital tokens for Airdrop scams.

Another technique involves what Microsoft calls "ice phishing." Rather than stealing a user's private keys, the method works by deceiving the target into "signing a transaction that delegates approval of the user's tokens to the attacker."

Once the approval transaction has been signed, submitted, and mined, the spender can access the funds. In case of an 'ice phishing' attack, the attacker can accumulate approvals over a period of time and then drain all [the] victim's wallets quickly.

To mitigate threats affecting the blockchain technology, Microsoft is recommending users to review and audit the smart contracts for adequate incident response or emergency capabilities and periodically reassess and revoke token allowances.