As the public interest surrounding crypto continues to grow, people are becoming increasingly aware of the risks involved with using this new technology, a recent NordVPN survey found.
Interested in gauging general awareness about the dangers of crypto-related crime and cyberattacks, the VPN service provider included more than 1000 respondents in the US.
Crypto and cybersecurity awareness
The survey results suggest that nearly seven out of ten Americans (68%) are to some extent “aware” that there are risks involved with crypto.
According to these results, roughly every other American (51%) is familiar with fake coin and system scams, while well over half of respondents (59%) are mindful that other risks include hacking of trading platforms, systems, and cryptocurrency exchanges.
In addition, 57% are cognizant of the danger of account takeover.
At the same time, the majority (56%) of respondents are also conscious of phishing threats lurking in emails, calls, or texts that are alerting about a change in funds.
However, while 69% of all participants had some understanding of what cryptocurrency is, and how it could be used, the report pointed out that “concerningly” almost every third person in that group of crypto-awake did not report any awareness of the associated risks.
“The bad news is that 32% of the people while being aware of cryptocurrency, don’t seem to know much about the dangers of crypto-related crime and cyberattacks,” read the report, noting that such lack of consciousness could become a real problem as the use of crypto continues gaining traction.
According to the report, “this is just part of a larger, more troubling trend,” and the actual issue lies in the fact that many people in the wider population “have a poor understanding” of cybersecurity in general.
Practicing password hygiene by using a password manager and 2FA, staying alert of sophisticated phishing tactics, and setting up a virtual private network (VPN)–are the ABC of basic protection, the report concluded.
Microsoft warns of ‘ice phishing’ targeting blockchain technologies
Meanwhile, Microsoft warned that the introduction of Web3 may also bring with it unique forms of phishing.
“Some attacks look similar to traditional credential phishing attacks observed on Web 2, but some are unique to Web 3,” read the warning, which addressed some of the more typical tactics that target cryptocurrency users–tricking them into giving up their private keys.
However, the educational piece focused on the ‘ice phishing’ technique which doesn’t involve stealing the end user’s private keys.
In this type of attack, cybercriminals attempt to dupe victims into signing a transaction that “delegates approval of the user’s tokens to the attacker.”
Such transactions can be used in DeFi environments–enabling a token swap to take place, for example.
“In an ‘ice phishing’ attack, the attacker merely needs to modify the sender address to the attacker’s address. This can be quite effective as the user interface doesn’t show all pertinent information that can indicate that the transaction has been tampered with,” Microsoft noted, using last year’s BadgerDAO compromise as an example to describe the method.
In the particular incident, Badger’s front-end infrastructure was compromised by gaining access to a Cloudflare API key. This enabled the attacker to inject malicious script into the Badger smart contract front end, which duped users into signing transactions–granting approvals to the attacker’s account.
In such attacks, the attackers can phish several approvals–accumulating them over time and eventually drain victims’ wallets quickly.
Featuring a summary of the most important daily stories in the world of crypto, DeFi, NFTs and more.