As more users join the web3 ecosystem, hackers will have more opportunities to strike. According to a recent analysis, crypto-focused phishing attacks across social networking sites increased considerably during the second quarter.
As per a Web3 Safety Q2 2022 report by CertiK, a blockchain and DeFi security-focused company supported by Goldman Sachs and others, there were 290 reported attacks during the second quarter, up 170 percent from 106 in the first quarter. While numerous smaller phishing attacks (or attempts) hit people in the industry daily, the company defines large attacks as incidents that resulted in crypto losses of $100,000 or more.
“Social media has an impact on phishing assaults because it provides a centralized, single point of failure through which hackers may fool users into clicking on harmful links,” said Ronghui Gu, CEO and co-founder of CertiK. “As a result, users are plundered of their possessions.”
The second quarter was packed with “losses” and hacks throughout the web3 ecosystem — and most don’t seem to expect things to settle down anytime soon. Over $2 billion has been lost to hackers and vulnerabilities since the beginning of the year, amounting to more than the entire year of 2021 in half the time, according to the research.
Most of the attacks were directed at projects that engage with users through Discord servers, as in the BAYC Discord hack. Last month, Discord launched a way for servers to identify and filter harmful messages and spam. The feature, AutoMod, lets anybody who moderates one of the company’s server-based communities set up a custom list of terms that the bot searches for and intercepts.
While this is a positive move, the developers of major chat applications such as Discord and Telegram have not yet enabled account verification. According to the research, without authentication, hackers may clone profiles and offer “giveaways” that are “too wonderful to pass up.”
“The current spate of Discord attacks is alarming because it demonstrates how susceptible web3 initiatives that depend on Web 2.0 infrastructure are to attack,” Gu added. “By accessing a web3 project’s official social media account, hackers may publish harmful links that pose as real, tricking consumers into believing them.”
While Twitter allows account verification, which gives users confidence, the network also hosts a large volume of spam.
“The future seems bleak for the rest of the year,” Gu added. “According to the most recent CertiK Q2 report, 2022 is already the worst year for losses, and we are just halfway through the year.”
Based on these figures, the research predicts a 223 percent rise in money lost to assaults in 2022.
“In a bear market, we would anticipate hacks to fall since users are often more seasoned, and there is less fresh and naïve money entering into the area,” Gu said. “The fact that these assaults may persist demonstrates both the continuous excitement of web3 users despite the bad market, as well as the necessity for web3 teams to maintain their care in safeguarding their projects.”
It is more important than ever for projects to secure their users. Because hackers are using Web 2.0-style tactics to infiltrate the Web3 domain, security measures must be revised.
“Much of web3’s poor image as a digital ‘wild west’ stems from its reliance on web2 technology and the dangers it involves,” according to the report. “This emphasizes how web3 security depends on moving away from, rather than reverting to, the centralized methods of its forefathers.”
Projects must advocate for more community education so that users do not fall prey to frequent attacks. Members must exercise care when clicking on links or trusting others, even when the links are posted via official channels.
Despite the need for community involvement and education, web3 projects should prioritize security over the use of easily hacked social media platforms like Discord, whether that means demanding multiple signatures each time an account is accessed or revoking authorization after each use.
Ritik Joshi is an innovative writer who is always chasing knowledge and trying to get a grasp of a little bit of everything. He keeps up with the latest trends in emerging technologies and writes insightful accounts of them. You may find him listening to music or around an espresso machine when he’s not writing.