With the rise of Web 2.0, we saw credential phishing attacks in which users' bank details and other credentials were stolen by directing them to illegitimate sites that looked like the originals. Now, with Web 3.0 technologies on the rise, we are again witnessing the same trend in the form of phishing attacks.
Web 3.0 is the latest buzzword in the tech world. Built on blockchain technology, Web 3.0 makes the third version of the internet decentralized. Blockchain, which is also the foundation for cryptocurrencies and NFTs, is an extremely secure environment that allows us to hold funds in a non-custodial wallet secured by a private key known only to us and to sign immutable smart contracts. Blockchain is considered secure as it does not allow the same block for two separate transactions. Along with gaining immense popularity, blockchain has also come under cyber-attack despite its high-level security measures.
Microsoft has also warned about the threats that can impact the blockchain. According to Microsoft, there are different types of phishing attacks in the Web3 world. They say that the technology is still in the development stage, and new types of attacks may also emerge. The team says that because the blockchain is immutable and public, it offers complete transparency: an attack can be observed and studied, and its financial impact can be assessed.
How has the blockchain been attacked by cybercriminals in the past?
- 51% attack: In this attack, a group of miners controls more than 50% of the network's computing power. The attackers can interrupt the recording of new blocks by preventing other miners from completing blocks. They can also reverse transactions that were completed while they were in control of the network.
- Phishing attacks: Rather than stealing the user's private keys, the attacker tricks the user into signing a transaction that delegates approval to use the user's tokens to the attacker. In the BadgerDAO phishing attack in November-December 2021, the attacker was able to drain around $121 million.
- Routing attacks: In this type of attack, the hackers intercept the user's data during real-time data transfers by dropping connections or hijacking IP prefixes.
- Sybil attacks: In a Sybil attack, hackers try to gain disproportionate influence over the honest nodes on the network by creating enough fake identities that they can refuse to receive or transmit blocks, blocking other users from the network.
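The phishing item above turns on a signed transaction that hands token approval to someone else. As an added example (not from the original article), this Python check decodes a transaction's calldata before signing and flags approval calls. It assumes the token uses the standard ERC-20/ERC-721 approval functions, which the article does not specify; the spender address and calldata are constructed samples.

```python
# Added example: flag token-approval calls in calldata before a wallet signs them.
# Assumes standard ERC-20 / ERC-721 ABI encoding (not stated in the article).
APPROVAL_SELECTORS = {
    "095ea7b3": "approve(address,uint256)",
    "39509351": "increaseAllowance(address,uint256)",
    "a22cb465": "setApprovalForAll(address,bool)",
}
MAX_UINT256 = 2**256 - 1
HEX_DIGITS = set("0123456789abcdef")

# Constructed sample data: a made-up spender and an unlimited approve() call to it.
SAMPLE_SPENDER = "0x" + "ab" * 20
SAMPLE_CALLDATA = "0x095ea7b3" + "00" * 12 + "ab" * 20 + "ff" * 32


def inspect_calldata(calldata_hex, trusted_spenders=frozenset()):
    """Describe an approval call, or return None if the calldata is not one.

    Raises ValueError if an approval call is truncated or malformed.
    """
    data = calldata_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    function = APPROVAL_SELECTORS.get(data[:8])
    if function is None:
        return None
    args = data[8:]
    if len(args) != 128 or any(c not in HEX_DIGITS for c in args):
        raise ValueError("approval call must carry exactly two 32-byte hex arguments")
    word0, word1 = args[:64], args[64:]
    if int(word0[:24], 16) != 0:
        raise ValueError("address argument has non-zero padding")
    spender = "0x" + word0[24:]
    amount = int(word1, 16)
    if function.startswith("setApprovalForAll"):
        unlimited = amount != 0  # operator gains control of every token held
    else:
        unlimited = amount == MAX_UINT256
    trusted = spender in {s.lower() for s in trusted_spenders}
    return {
        "function": function,
        "spender": spender,
        "amount": amount,
        "unlimited": unlimited,
        "trusted": trusted,
        # Any non-zero grant to a spender the user has not vetted needs a prompt.
        "needs_review": amount != 0 and not trusted,
    }


if __name__ == "__main__":
    print(inspect_calldata(SAMPLE_CALLDATA))
```

A wallet or transaction-review tool would show the decoded spender and amount to the user whenever `needs_review` is true, instead of presenting raw hex.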
Blockchain is lucrative for hackers because a lot of money and tokens are involved. As the blockchain keeps growing, it is becoming difficult to regulate. Attackers find weaknesses in the system and exploit those vulnerabilities for their own gain.