CRYPTO NEWS

The 2 Most Common Airdrop Phishing Attacks and How Web3 Wallet Owners Can Stay Protected

In the world of cryptocurrencies, decentralized finance (defi), and Web3, airdrops have become commonplace in the industry. However, while airdrops sound like free money, there’s been a growing trend of airdrop phishing scams that steal people’s money when they attempt to get the so-called ‘free’ crypto assets. The following is a look at two different ways attackers use airdrop phishing scams to steal funds and how you can protect yourself.

Airdrops Don’t Always Mean ‘Free Crypto’ — Many Airdrop Giveaway Promotions Are Looking to Rob You

Airdrops have been synonymous with free crypto funds, so much so that a rising crypto scam called airdrop phishing has become prevalent. If you are a participant in the crypto community and use social media platforms like Twitter or Facebook, you’ve probably seen a number of spam posts advertising airdrops of all kinds.

Usually, a popular Twitter crypto account makes a tweet and it is followed by a slew of scammers advertising airdrop phishing attempts and plenty of accounts saying that they have received free money. Most people won’t fall for these airdrop scams but because airdrops are considered free crypto, there’s been a bunch of people who have lost funds by falling victim to these types of attacks.

The first attack uses the same advertising method on social media, as a number of people or bots shill a link that leads to the airdrop phishing scams web page. The suspicious website may look very legitimate and even copy some of the elements from popular Web3 projects, but in the end, the scammers are looking to steal funds. The free airdrop scam could be an unknown crypto token, or it could also be a popular existing digital asset like BTC, ETH, SHIB, DOGE, and more.

The first attack usually shows that the airdrop is receivable but the person must use a compatible Web3 wallet to retrieve the so-called ‘free’ funds. The website will lead to a page that shows all the popular Web3 wallets like Metamask and others, but this time, when clicking on the wallet’s link an error will pop up and the site will ask the user for the seed phrase.

This is where things get shady because a Web3 wallet will never ask for the seed or 12-24 mnemonic phrase unless the user is actively restoring a wallet. However, unsuspecting airdrop phishing scam users may think the error is legitimate and enter their seed into the web page which eventually leads to the loss of all the funds stored in the wallet.

Basically, the user just gave the private keys to the attackers by falling for the Web3 wallet error page asking for a mnemonic phrase. A person should never enter their seed or 12-24 mnemonic phrase if prompted by an unknown source, and unless there’s a need to restore a wallet, there’s really never a need to enter a seed phrase online.

Giving a Shady Dapp Permissions Is Not the Best Idea

The second attack is a bit more tricky, and the attacker uses the technicalities of code to rob the Web3 wallet user. Similarly, the airdrop phishing scam will be advertised on social media but this time when the person visits the web portal, they can use their Web3 wallet to “connect” to the site.

However, the attacker has written the code in a way that makes it so that instead of giving the site read access to balances, the user is ultimately giving the site full permission to steal the funds in the Web3 wallet. This can happen by simply connecting a Web3 wallet to a scam site and giving it permissions. The attack can be avoided by simply not connecting to the site and walking away, but there are lots of people who have fallen for this phishing attack.

Another way to secure a wallet is by making sure the wallet’s Web3 permissions are connected to sites the user trusts. If there are any decentralized applications (dapps) that seem shady, users should remove permissions if they accidentally connected to the dapp by falling for the ‘free’ crypto scam. However, usually, it is too late, and once the dapp has permission to access the wallet’s funds, the crypto is stolen from the user via the malicious coding applied to the dapp.

The best way to protect yourself from the two attacks mentioned above is to never enter your seed phrase online unless you are purposely restoring a wallet. Alongside this, it is also good form to never connect or give Web3 wallet permissions to shady Web3 websites and dapps you are unfamiliar with using. These two attacks can cause major losses to unsuspecting investors if they are not careful of the current airdrop phishing trend.

Do you know anyone who has fallen victim to this type of phishing scam? How do you spot crypto phishing attempts? Let us know your thoughts in the comments.

Celsius Pays Off Over $120M On Its Bitcoin Backed Loan, Lowers Liquidation Price To $4,967

Besieged crypto-centric firm Celsius has continued to repay loans owed to various lenders as it charts a way forward to recovery. Since it announced that it was pausing all withdrawals, swaps, and transfers between accounts citing “extreme market conditions,” the firm has been forced to double down on its repayment figures to avoid being forcibly::Listen

Goldman Sachs Reportedly Keen To Raise $2 Billion To Purchase Celsius Assets

Besieged crypto-centric firm Celsius has continued to repay loans owed to various lenders as it charts a way forward to recovery. Since it announced that it was pausing all withdrawals, swaps, and transfers between accounts citing “extreme market conditions,” the firm has been forced to double down on its repayment figures to avoid being forcibly liquidated.

The transactions which have been tracked to vault #25977 that is linked to Celsius show that the firm repaid a $50 million Bitcoin loan on Monday lowering its BTC liquidation price to $8,839 before paying another $64 million dropping the liquidation price further to $4.9k. Although the firm has paid up other loans, albeit, in smaller chunks, these are the largest single repayments done by the firm since June 13. Previously, the firm had moved $77 million (in stablecoins) into the wallet they use to pay down their debt positions days after sending 67,000 ETH to FTX.

As of writing, Celsius’ vault now has 23,962 WBTC ($1.8B) collateral and an outstanding loan of $82 million. However, following the repayments, its collateralization ratio has risen by 577.81% which means less risk to its lenders.

As ZyCrypto reported, Celsius has been working around a recovery plan since it halted activities for its 1.7 million users on June 13. In a blog dated June 30 the firm assured its customers that it would be “taking important steps to preserve and protect assets and explore options available.”

These options include pursuing strategic transactions as well as a restructuring of our liabilities, among other avenues,” wrote Celsius.

According to a Sunday report by Israeli news outlet Calcalist, Celsius also laid off some 150 employees including some from Israel in an attempt to cut down on its spending.

A petition to call for a shareholders’ meeting aimed at finding the best recovery plan for Celsius depositors and shareholders has also been proposed. According to Simon Dixon, CEO of BnkToTheFuture and one of the biggest individual shareholders in Celsius, the firm should prioritize depositors in its recovery plans since “non-depositors & non-shareholders will only give predatory offers.”

That said, whereas Celsius’s financial health is at a critical level, its strategic financial moves have been a spectacle to watch and could be the true measure of the entire blockchain industry breaking out of this crypto winter.

The 2 Most Common Airdrop Phishing Attacks and How Web3 Wallet Owners Can Stay Protected

Shopping cart
There are no products in the cart!
Continue shopping
0