How to prevent rampant crypto scams in a bull market? SlowMist introduces various scam tools and phishing techniques.


The cryptocurrency bull market not only brings wealth effects to investors, but also serves as a harvest season for hackers. Recently, there has been a significant increase in fraudulent comments on Facebook pages. Cybersecurity firm SlowMist has compiled various phishing methods and scam processes, hoping that participants in the cryptocurrency space can better guard against security issues.

What is Drainer-as-a-Service (DaaS)?

Yu Xian, the founder of SlowMist, pointed out that DaaS can be understood as a phishing tool for the cryptocurrency industry, with well-known tools including:

  • MS

  • Pink

  • Angel

  • Pussy

  • Venom

  • Medusa

  • Monkey

  • Inferno

Malicious actors pay for these Drainer tools and combine them with thousands of phishing websites, marketing accounts, assorted scams, vulnerability exploitation, intrusions, spam advertising and more, flooding into the cryptocurrency industry like a raging beast.

Common Phishing Techniques in Cryptocurrency

Yu Xian listed various mechanisms behind phishing tools:

  • Native signature exploitation: eth_sign, personal_sign, eth_signTypedData_*, etc.; eth_sign is now blocked by many wallets.

  • Authorization function exploitation: approve/permit on tokens and NFTs.

  • TX data 4byte exploitation: the transaction's 4-byte function selector resolves to a reassuring name such as "Claim Rewards" or "Security Update".

  • Authorization signature: the fund-receiving address is pre-computed with CREATE2 before it is deployed, so it does not yet appear in the relevant detection lists.

  • One-click batch phishing via Bitcoin script, exploiting the UTXO model.

  • Cross-chain phishing that switches between EVM chains, Solana, Tron, etc.

Phishing Routes and Scam Entry Methods

Yu Xian emphasized that "phishing" is a broad concept: the techniques vary but are fundamentally similar, and even though these methods are well known, users still get deceived from time to time. He urged everyone to be more cautious.

Phishing routes include:

  • Poisoned advertisements on Google, X and other platforms, and poisoned X replies or private messages.

  • Hacking official accounts on X, Discord, Telegram, etc., to post phishing links.

  • Hijacking via BGP/DNS, or planting malicious code on the official website.

  • Concealed trap contracts, Phoenix Nest schemes, arbitrage traps, etc.

  • Fabricated events, zero-value transfers and other deceptive tactics.

  • Intermediaries tampering with hardware wallets in the sales channel.

  • Tricking users into directly handing over their mnemonic phrases.

  • Impersonating journalists, investors, project parties, etc., to deceive users into downloading infected files.

Yu Xian also mentioned the ZeroTransfer scam method: the attacker deliberately generates addresses whose first and last characters match those of the user's usual counterparties and sends small (often zero-value) transactions from them, waiting for the user to mistake that address for the real one and pick it from the transaction history for their next transfer.

Binance itself has also encountered similar incidents before.

ZeroTransfer scam! Cryptocurrency wallet addresses cannot be judged solely by their beginning and end. Changpeng Zhao (CZ) warns: Binance was at risk of being defrauded of $20 million through a zero-USDT transfer address-poisoning attack.