Definition
Ice phishing is a type of scam that targets people who use blockchain and cryptocurrency. The aim is to trick the victim into signing a malicious smart contract, allowing the attacker to steal cryptocurrency tokens.
How Ice Phishing Works
- Deceptive transaction: The perpetrator sends a malicious transaction to the victim, often concealed as a legitimate interaction within the decentralized application.
- Approval request: The victim receives a prompt to approve the transaction, presented as a routine action within the dApp, which may not raise immediate suspicion.
- Altered transaction: Without the victim’s knowledge, the attacker alters the transaction details, like the recipient’s address, thus redirecting the funds to the attacker’s wallet.
- Approval granted: The victim approves the transaction, believing it is safe. Once approved, the attacker transfers the cryptocurrency tokens to their address.
Ice Phishing Preventive Tips
- Confirm URLs when accessing decentralized apps and services.
- Verify the address on your smart contract to avoid being tricked.
- Audit the smart contracts to confirm their security and correctness.
- Double-check the transaction details when making a transaction using Metamask and other cryptocurrency wallets.
- Use cold storage for long-term holdings such as NFTs and opt for a hot wallet for active dApps.
- Check for incident response buttons in your smart contracts to help pause and unpurpose transactions.
- Use Etherscan or blockchain analytics to verify contract hash when transacting crypto assets.
- Be cautious with persons purporting to be customer support on social media platforms.