Security concerns in the emerging Web 3.0 world

News Desk

The World Wide Web is undergoing a transition to Web 3.0, which is being fueled by advancements in cryptocurrency, blockchain technology, decentralized applications, and decentralized file storage. The development of a 3-D experience known as the metaverse, which is the next iteration of both social media and the Internet, is a critical component of this transition. The metaverse brings with it a slew of new challenges and security risks, as well as fresh takes on old strategies.

Cisco Talos, one of the world’s largest private threat intelligence teams, recently examined the pervasiveness of threats and scams in the metaverse. They discovered new twists on old threats as well as entirely new scams and threats found only in the metaverse.

“Recent security research by Cisco Talos has shown that the Metaverse landscape appears ripe for cybercriminals. Whether they are translating old threats in the new Metaverse space, leveraging time-tested social engineering and phishing techniques of the past, or beginning to craft new technical attacks to make money in new ways, the cybercriminal game is growing,” said Fady Younes, Cybersecurity Director – Cisco Middle East and Africa.

ENS Domains

The increasing popularity of digital currency has led to an increase in the use of Ethereum Name Service (ENS) domains. ENS domains are short names that are used to locate the associated cryptocurrency wallet address. As a result, popular domain names have been trademarked and resold by third parties. Nothing prevents the owner of an ENS domain from using that name to mislead unsuspecting users into thinking they are dealing with a legitimate organization. Furthermore, these ENS domains point to wallet addresses, allowing anyone to view the contents of the wallet associated with the name at any time.

Social engineering

Adapting to a new technology often comes with the threat of social engineering, and Web 3.0 is no exception. The vast majority of security incidents affecting Web 3.0 users stem from social engineering attacks such as cloning wallets. Users should be careful not to be tricked into sharing their “seed phrase”. In the event that a cryptocurrency wallet is lost or destroyed, a user can recover their wallet, and all of its contents, using a 12 to 24 word “seed phrase”, which is essentially their private key. Anyone with knowledge of the seed phrase (private key) can clone a cryptocurrency wallet and use it as their own. Thus, many cybercriminals who are seeking to steal cryptocurrency or NFTs (non-fungible tokens) target a user’s seed phrase.
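Why the seed phrase is equivalent to the private key, shown as an added example that is not part of the original article. It assumes the wallet follows the widely used BIP-39 and BIP-32 standards, which the article does not name; the function names are illustrative and the phrase is the public BIP-39 test mnemonic used as constructed sample input.

```python
import hashlib
import hmac
import unicodedata

# Public BIP-39 test mnemonic (12 words), used here as constructed sample input.
SAMPLE_MNEMONIC = ("abandon " * 11 + "about").strip()


def mnemonic_to_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP-39: stretch the phrase into a 64-byte seed with PBKDF2-HMAC-SHA512."""
    # Collapse whitespace so the same words always give the same seed.
    words = unicodedata.normalize("NFKD", " ".join(mnemonic.split()))
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase)
    return hashlib.pbkdf2_hmac("sha512", words.encode(), salt.encode(), 2048, 64)


def master_key(seed: bytes):
    """BIP-32: split HMAC-SHA512 of the seed into (master private key, chain code)."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return digest[:32], digest[32:]


def recover_wallet(mnemonic: str, passphrase: str = ""):
    """Everything a wallet needs to rebuild its keys comes from the words alone."""
    return master_key(mnemonic_to_seed(mnemonic, passphrase))


if __name__ == "__main__":
    # The owner's device and any second device given the same words
    # derive byte-for-byte identical key material: no other secret exists.
    owner = recover_wallet(SAMPLE_MNEMONIC)
    second_device = recover_wallet(SAMPLE_MNEMONIC)
    print("identical master key:", owner == second_device)

    # An optional BIP-39 passphrase is mixed into the salt, so the words
    # alone then derive a different wallet.
    protected = recover_wallet(SAMPLE_MNEMONIC, "example passphrase")
    print("passphrase changes key:", protected != owner)
```

No device identifier, account or password enters the derivation, so a support channel never has a legitimate need for the words.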

Beware of fake customer support agents

Another method attackers use to separate users from their seed phrase is to pose as a customer support agent responding to publicly posted Twitter or Discord server requests from users. Criminals monitor these channels and will contact users to offer “help”, ultimately leading them to share their seed phrases.

Whales

Whales are high-profile cryptocurrency accounts that hold a large amount of cryptocurrency or NFTs. Some estimates report that 40,000 whales own 80% of all NFT value, and as such they are an attractive target for cybercriminals. Scammers know that many smaller investors watch these whales’ wallets and will therefore socially engineer them into investing in their own fake projects. Most legitimate NFT projects freely publish the source code for their smart contract. When a project’s code has not been published, that should be a red flag for potential investors.

Malicious smart contracts

While some attackers focus on exploiting bugs in legitimate smart contracts, others take a different approach and create their own malware, which is then deployed on the blockchain in the form of malicious smart contract code. Malicious smart contracts perform all of the standard smart contract functions but in unexpected ways.
