Imagine preparing for a year, until finally launching an ICO, only for a cyber fraudster to ruin everything in a matter of a few minutes. Indeed, with the thrill that follows every blockchain and ICO project, comes a customized cyber attack trying to divert Bitcoin, Ethereum, and any other cryptocurrency involved.
Every blockchain startup and every investor is cunningly targeted, and there’s hardly a place on the web where one can avoid the cybersecurity threat. Therefore, unless the necessary anti-phishing measures are taken, social engineering will enable a hacker to mislead a victim with fake websites, fake advertising in search engines, and fake social media accounts. How so? Let’s delve into the cases of Chronobank, Jibrel Network, and others.
Generally speaking, there are 3 main areas which are most commonly subjected to phishing attacks:
Our first case is about Dave Appleton, a designer of the Ethereum smart contract eco-system at HelloGold. This IT specialist was coding late one night when he received a notification from the Slack channel of an ICO project that he was monitoring. In the message, he was offered early access to the website. Appleton sent some Ethereum because he had checked the contract code, ensured that the link was verified, and had visited the website dozens of times. Well, it all seemed pretty solid. The link took Appleton to a phishing website. Later, he’d say, ‘I will give them credit - they made a wonderful replica of the genuine website and made a plausible argument.’
You should never trust the link unless you’ve typed it yourself.
In January 2017, Google shared its annual BadAds report, in which it claimed to have removed 1.7 billion ads in 2016, compared to the 780 million it removed the previous year. Among them are “trick to click” ads, which may look like a system error notification and get the user to download malware. The malware, for example a Trojan, will steal all the passwords and any other sensitive data in a few minutes unless the computer has strong phishing protection.
Although Google promised to make updates and spot “trick to click” advertisements more accurately, there’s still a good chance of getting trapped.
Last year Chronobank, a project dealing with online payments based on blockchain technology, made a post trying to prevent phishing of their clients. They warned that fraudsters had created copies of their social accounts on Twitter and Reddit and posted links to the phishing websites that contained malware. Also, the criminals tried to forge a Slack account and pretended to be one of Chronobank’s support members. Having fully disclosed the fake domains, managers eliminated the attack successfully.
Consider this for a moment: would Chronobank raise a red flag on all its social accounts, if phishing wasn’t so dangerous?
It is not all that bad, as was proved in the case of Jibrel Network, saved by Hacken. The Co-Founder at Jibrel Network, Talal Tabbaa, says that 10 minutes before the ICO started, 4 fake websites appeared. The replicas had slight variations which could have been noticed only by sophisticated users. The response by the Hacken team was immediate. 6 hackers were compromised on the Telegram account in a few minutes. In less than 3 hours, all 4 fake websites were taken down. The Hacken team was so good that Talal Tabbaa invested in Hacken personally.
Always ensure anti-phishing protection for your ICO.
It’s extremely important for an ICO startup to pay attention to any suspicious activity and immediately raise a red flag if they’ve already undergone a phishing attack. Being victimized once doesn’t mean that the attacks won’t be repeated.
With guardians like Hacken, adverse situations are easier to tackle. The company gives hope that the blockchain universe will defeat Social Engineering.