Blockchain security company CertiK has reminded the crypto community to stay alert over “ice phishing” scams — a unique type of phishing scam targeting Web3 users that was first identified by Microsoft earlier this year.
In a Dec. 20 analysis report, CertiK described ice phishing scams as an attack that tricks Web3 users into signing permissions that end up allowing a scammer to spend their tokens.
This differs from traditional phishing attacks that attempt to access confidential information such as private keys or passwords, via methods like the fake websites that claim to help FTX investors recover their lost funds.
1/ Ice phishing is a considerable threat to the Web3 community
Instead of gaining accessing to your private key, scammers trick you into signing permissions to spend your assets.
We’ll outline below what to look out for, and how to protect yourself!
— CertiK Alert (@CertiKAlert) December 20, 2022
A Dec. 17 scam where 14 Bored Apes were stolen is an example of an elaborate ice phishing attack. An investor was convinced to sign a transaction request disguised as a film contract, ultimately enabling the scammer to sell all of the user’s Apes to themselves for a negligible amount.
The firm noted that this type of scam was a “considerable threat” and found only in the Web3 world, where investors are often required to sign permissions to decentralized finance (DeFi) protocols that could be easily faked. CertiK wrote:
“The hacker…
