The Microsoft 365 Defender Research Team has detailed a class of phishing attacks it dubs "ice phishing", designed to target the nascent technology underpinning Web3, the so-called decentralised third generation of the internet.
The technique hijacks the normal approval process by which a token holder authorises another party to move their tokens, such as cryptocurrency, over a blockchain.
Microsoft cites the attack on Badger DAO, in which $121 million of assets were stolen. Badger DAO is a platform that allows users to deposit Bitcoin and earn interest on their deposits using a variety of yield-farming strategies. It is built on a decentralised finance (DeFi) protocol called Badger and currently has $978 million in total value locked.
The Badger DAO attack occurred on the Ethereum blockchain, whose tokens commonly implement the ERC-20 standard: a shared interface for token smart contracts that defines how balances are transferred and how a holder can authorise a third party to transfer tokens on their behalf.
The owner of a token can of course transfer it themselves, but ERC-20 also lets them delegate that right by approving additional entities, such as a decentralised exchange's smart contract, to spend a chosen amount of their tokens. It is this approval mechanism that ice phishing aims to exploit.
Ice phishing does not involve stealing a user's private keys. Instead, it tricks the user into signing a transaction that grants approval over the user's tokens to the attacker, who can then move those tokens at will without any further action by the victim.
In the Badger DAO attack, the platform's front-end infrastructure was compromised, which allowed the attacker to inject malicious code into the web front end that users rely on to interact with the Badger smart contracts. This code prompted users to sign transactions granting ERC-20 approvals to the attacker's account.
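To make the delegation concrete, here is an added example, not code from Microsoft's report or from Badger DAO or Uniswap, written in JavaScript because that is what Web3 front ends and wallet extensions run. It ABI-encodes an ERC-20 approve(spender, amount) call the way a front end hands it to a wallet, decodes it back, and blocks the two signals an ice-phishing approval typically shows: a spender outside the set of contracts the dapp legitimately uses, and an unlimited allowance. The addresses, transaction hashes and allowlist are constructed for the example; the 0x095ea7b3 selector is the standard ERC-20 approve one. The same decoder run over the public transaction record is one way the automated identification mentioned later in the piece could be done.

```javascript
// Added example (not code from Microsoft's report or from Badger DAO / Uniswap):
// decode an ERC-20 approve() call before a wallet signs it, and flag the pattern
// ice phishing relies on: a spender the dapp has no business using, often paired
// with an unlimited allowance.

// First 4 bytes of keccak256("approve(address,uint256)"): the ERC-20 approve selector.
const APPROVE_SELECTOR = "095ea7b3";
const MAX_UINT256 = (1n << 256n) - 1n;

// Hypothetical allowlist of spender contracts this dapp legitimately asks users to
// approve, e.g. the exchange router behind a swap front end.
const TRUSTED_SPENDERS = new Set(["0x1111111111111111111111111111111111111111"]);

// ABI-encode approve(spender, amount) as a front end would hand it to a wallet.
function encodeApprove(spender, amount) {
  const addrWord = spender.toLowerCase().replace(/^0x/, "").padStart(64, "0");
  const amountWord = BigInt(amount).toString(16).padStart(64, "0");
  return "0x" + APPROVE_SELECTOR + addrWord + amountWord;
}

// Parse calldata; returns null if it is not an approve() call, throws if malformed.
function decodeApprove(calldata) {
  const hex = calldata.replace(/^0x/, "").toLowerCase();
  if (hex.slice(0, 8) !== APPROVE_SELECTOR) return null;
  if (hex.length !== 8 + 64 + 64) throw new Error("unexpected approve() calldata length");
  const spenderWord = hex.slice(8, 72);
  const amountWord = hex.slice(72, 136);
  // An address occupies the low 20 bytes of a 32-byte word; the high 12 bytes must be zero.
  if (!/^0{24}[0-9a-f]{40}$/.test(spenderWord)) throw new Error("malformed spender word");
  return { spender: "0x" + spenderWord.slice(24), amount: BigInt("0x" + amountWord) };
}

// Decide whether the user should be allowed to sign this transaction.
function vetApprove(calldata, trusted = TRUSTED_SPENDERS) {
  const decoded = decodeApprove(calldata);
  if (decoded === null) return { verdict: "not-approve", reasons: [] };
  const reasons = [];
  if (!trusted.has(decoded.spender)) reasons.push("spender not in allowlist");
  if (decoded.amount === MAX_UINT256) reasons.push("unlimited allowance");
  return { verdict: reasons.length ? "block" : "allow", reasons, ...decoded };
}

// Run the same check over a batch of transactions (e.g. pulled from the public chain)
// and keep only the suspicious approvals.
function flagSuspiciousApprovals(txs, trusted = TRUSTED_SPENDERS) {
  return txs
    .map((tx) => ({ hash: tx.hash, ...vetApprove(tx.data, trusted) }))
    .filter((r) => r.verdict === "block");
}

// Constructed sample transactions (hypothetical hashes and addresses).
const LEGIT_TX = {
  hash: "0xaaaa",
  data: encodeApprove("0x1111111111111111111111111111111111111111", 1000n * 10n ** 18n),
};
// The ice-phishing variant: same prompt, but the spender is the attacker's account
// and the allowance is unlimited.
const PHISHED_TX = {
  hash: "0xbbbb",
  data: encodeApprove("0x2222222222222222222222222222222222222222", MAX_UINT256),
};
// transfer(address,uint256) selector 0xa9059cbb: a plain transfer, not an approval.
const TRANSFER_TX = { hash: "0xcccc", data: "0xa9059cbb" + "0".repeat(128) };

console.log(flagSuspiciousApprovals([LEGIT_TX, PHISHED_TX, TRANSFER_TX]));
```

The point of the check is that the victim sees exactly the same wallet prompt in both cases; only the spender field in the encoded calldata differs. A wallet or browser extension that decodes that field and compares it against the contracts the site is known to use catches the swap that a compromised front end makes, and the unlimited-allowance signal is worth flagging on its own even for a trusted spender.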
Attackers thus both compromise a platform's infrastructure and exploit its ordinary user interface to fool users into granting approval to the attacker's wallet. Microsoft illustrates this with a transaction on the Uniswap platform, a decentralised token exchange that allows users to swap Ethereum-based tokens for other tokens.
Microsoft said the Web3 stack is still in its infancy and, as such, bears risks for users. The Badger DAO attack was significant, and one of the largest hacks of its kind in terms of the value of assets stolen.
Attacks like these are likely to continue, Microsoft said, although because the resulting transactions are recorded on a public blockchain, investigating such incidents is easier than for traditional phishing.
Identifying such attacks is possible and can even be automated, since the approval transactions themselves are visible on-chain. A public blockchain also allows investigators to see exactly how much has been stolen, something that is typically difficult in traditional, web2-based phishing attacks.