Impersonation scams, a form of phishing, have become one of the most common and insidious methods of cyberattack. Since 2020, the number of domains suspected to be used for impersonating legitimate brands has risen by 360%, while over three-quarters of lookalike domains have been found to host phishing content designed to extract user credentials or private information.
The Web3 sector has become a magnet for this type of attack because of the financial allure. As decentralized applications and services have grown in popularity, the “connect with wallet” feature has become prevalent as the most user-friendly means of connecting to them.
Just as Web2 users connect to websites using their Facebook or Google credentials, Web3 users connect via browser wallets like MetaMask or TrustWallet so they can interact with services such as decentralized exchanges, play-to-earn games, or media networks.
However, this connection introduces a vulnerability where attacks such as spoofing and sweeping can happen. Spoofing attacks encourage users to enter their wallet credentials on a fake domain whose name is close enough to the genuine one to pass as real. Attackers may then try to gain access to the user’s private keys via various methods. This could include a straightforward request to provide the keys or more sophisticated techniques, such as posing as helpdesk employees.
Another even more sophisticated method is known as sweeping, where the attacker assigns a hidden script to the wallet. Once the user attempts to make a legitimate transaction, the script will intervene to sign a new transaction, sending funds to the attacker’s wallet before the legitimate one is complete. Since the entire process is carried out automatically, a user has no chance of getting ahead of the attack.
A Growing Problem for a Growing Industry
These tactics are surprisingly effective. In 2022, a record year for crypto hacks, scammers successfully managed to use SEO techniques to get fake websites for leading crypto services, including Coinbase, Kraken, and MetaMask, ranking on the first page of Google’s search results. Upon entering the websites, users received messages inviting them to a “live Q&A” with a scammer posing as a customer service agent. By 2023, crypto media firms were also becoming victims of these brand-jacking tactics, as fake versions of trusted outlets Blockworks and Decrypt began doing the rounds.
The key challenge of cybersecurity is staying ahead of the attackers. Many current solutions only focus on detection after the act, taking down fake sites. However, in the Web3 world, where blockchain transactions are permanent and irreversible, this is simply too little, too late for a user who has already lost funds.
Furthermore, security issues like these degrade the overall Web3 user experience, and overcoming them is critical to facilitating adoption among non-crypto-natives. Web3 innovators should consider implementing a multi-layered strategy to ensure that their users are better protected.
Laying Out First Defenses
A key first line of defense is preventing brand impersonation fraud from the outset, which requires real-time detection tools during the critical “window of exposure” period when a fake website actually goes live. Memcyco is one example. It uses a proprietary technology to monitor for spoofs and sends instant alerts to the company when it detects that a fake website has gone live. It also provides users with a popup message to alert them to the fact that they’re on a fake site while enabling the genuine site to display a forge-proof watermark of authenticity on each page so users have the confidence that they are on the real version.
Real-time tools make all the difference in cases of domain spoofing because, once a spoof site is identified, it can take weeks to get it taken down. For a Web3 project, this could mean a prolonged period of reputation damage and management as users continue to lose funds.
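As an added illustration of one check a lookalike-domain monitor can run on newly observed host names (example code written for this article, not Memcyco's proprietary technology or any vendor's), the Python below classifies a candidate host against the genuine domain. The domain examplewallet.io, the small confusables map and the category names are constructed assumptions.

```python
import unicodedata

# Constructed sample values (assumptions): a hypothetical genuine domain and a tiny
# confusables map; a production monitor would use the full Unicode confusables data.
GENUINE = "examplewallet.io"
CONFUSABLES = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w",
               "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p"}

def skeleton(label):
    """Fold a label so that visually similar spellings compare equal."""
    label = unicodedata.normalize("NFKC", label).lower().replace("-", "")
    for src, dst in CONFUSABLES.items():
        label = label.replace(src, dst)
    return label

def host_labels(domain):
    """Split a host name into labels, decoding punycode (xn--) labels."""
    labels = []
    for part in domain.lower().rstrip(".").split("."):
        if part.startswith("xn--"):
            try:
                part = part[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # malformed label: compare it as written
        labels.append(part)
    return labels

def edit_distance(a, b):  # Levenshtein distance, computed row by row
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(candidate, genuine=GENUINE):
    """Label a candidate host; assumes a single-label TLD (no public-suffix list)."""
    g, c = host_labels(genuine), host_labels(candidate)
    if len(c) < 2:
        return "unrelated"
    if c[-2:] == g[-2:]:
        return "genuine"  # the real domain or one of its subdomains
    brand, name = skeleton(g[-2]), skeleton(c[-2])
    if name == brand:
        return "tld-swap" if c[-2] == g[-2] else "homoglyph"
    if any(brand in skeleton(part) for part in c[:-1]):
        return "brand-embedded"  # brand used as a subdomain, prefix or suffix
    return "typo" if edit_distance(name, brand) <= 2 else "unrelated"
```

The substring match and the edit-distance threshold of 2 suit a long brand label; a short brand name needs a stricter threshold to keep false positives down.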
Building the Stack
Cybersecurity tools can also help users protect themselves against attacks such as sweeping. For instance, wallet protection services like Blockfence can be installed as a browser extension, scanning for blockchain activity and suspicious wallets and providing a risk assessment to the user for each transaction before they sign it. This provides a failsafe for instances where scammers try to intervene in transactions with their own wallet addresses. Web3 services can do more to recommend users install such protections.
Finally, as an additional measure, given the financial risks inherent in Web3, projects could also consider using a reverse proxy to enforce SSL/TLS encryption for incoming web traffic. Encryption would ensure that information sent between users and web servers is secure against interception and distribution. Furthermore, a reverse proxy can also help to block incoming requests that seem suspicious or contain malicious-looking content.
As the industry anticipates a more prosperous phase of the markets ahead, it’s inevitable that cybercrimes such as phishing and brand-jacking will also increase as criminals are drawn to the increased wealth in the Web3 space. Therefore, it’s critical that teams put in place a robust, multi-layered strategy to protect their users’ funds and their own reputations against such attacks.
The views and opinions expressed herein are the views and opinions of the author and do not necessarily reflect those of Nasdaq, Inc.