How to Protect Yourself from Cybersecurity in Web3

Even though Web3 evangelists have been talking about how secure blockchain is for a long time, the huge amount of money flowing into the industry makes it an attractive target for hackers, con artists, and thieves.

When bad people get through Web3's security, it's usually because users don't notice the most common threats like human greed, FOMO, and ignorance, not because the technology is broken.

The FTC calls money-making opportunities and investment scams that promise big payoffs, investments, or special perks “money-making opportunities and investment scams.”

Scams with lots of money

A report from the Federal Trade Commission in June 2022 says that since 2021, more than $1 billion worth of cryptocurrency has been stolen. And where people meet online is where hackers look for people to hack.

“Nearly half of the people who reported losing crypto to a scam since 2021 said it started with an ad, post, or message on a social media platform,” the FTC said.

Even though scams sound too good to be true, people may believe them because the cryptocurrency market is so volatile and they don't want to miss out on the next big thing.

Attackers targeting NFTs

Along with cryptocurrencies, NFTs, or non-fungible tokens, are becoming a more popular target for scammers. According to Web3 cybersecurity firm TRM Labs, the NFT community lost about $22 million to scams and phishing attacks in the two months after May 2022.

Blue-chip collections like Bored Ape Yacht Club (BAYC) are especially sought after. In April 2022, scammers broke into the BAYC Instagram account and sent people to a site that took crypto and NFTs from their Ethereum wallets. A total of 91 NFTs worth more than $2.8 million were stolen. After a few months, NFTs worth 200 ETH were stolen from users through a bug in Discord.

Scams have also happened to well-known BAYC holders. On May 17, actor and producer Seth Green tweeted that four of his NFTs, including Bored Ape #8398, had been stolen in a phishing scam. As well as showing how dangerous phishing attacks are, it could have stopped Green from making his “White Horse Tavern” show, which was going to be about NFT. With BAYC NFTs, you can get a license to use the NFT for business purposes, like the Bored & Hungry fast food restaurant in Long Beach, California.

During a June 9 Twitter Spaces session, Green said that he got the stolen JPEG back after paying 165 ETH (more than $295,000 at the time) to a person who bought the NFT after it was stolen.

Luis Lubeck, a security engineer at Web3 cybersecurity firm Halborn, told Decrypt, “Phishing is still the first attack vector.”

Lubeck says that users should be aware of fake projects, cloned links, and websites that ask for wallet credentials.

Lubeck says a phishing scheme may start with social engineering, telling the user about an early token launch, 100x their money, a low API, or that their account has been breached and requires a password reset. These messages usually tell users they only have a short amount of time to act, which adds to their FOMO.

For Green, the phishing attack came through a link that had been copied.

A scammer makes a near-perfect copy of a website, email, or link via clone phishing. Green used a phishing website to create “GutterCat” clones.

When Green connected his wallet to the phishing website and signed the NFT transaction, he gave thieves his private keys and Bored Apes.

As a reminder, WikiBit is ready to help you search the qualifications and reputation of projects in a bid to protect you from hidden dangers in this risky industry!

iOS: t.ly/UUCj

Android: t.ly/cfYt