Over 73,000 the most effective strategies is phishing attacks. Because cryptocurrencies and NFTs are protected by the impenetrable security of blockchain technology, the easiest way to steal blockchain assets is through trickery.
In Web 2.0, a phishing attack is a type of hack that usually involves a fake email with an attachment containing a virus that attacks the recipient's device or, worse, quietly sits in the background and gathers their personal data. In Web 3.0, a phishing attack is often a fake front-end website cloned from a real crypto project designed to trick the into g a malicious smart contract that transfers their crypto holdings to the attacker's wallet, and can come in the form of an email (if known) or through a malicious token. Victims are lured in by the promise of an "airdrop" – free distribution of tokens commonly issued as a reward for early s, and the malicious code is executed when they claim the airdrop. Unlike a pump-and-dump crypto scam, a phishing attack uses a smart contract to directly steal a victim's holdings from their wallet.
According to it executed malicious code and stole all of their real Uniswap LP tokens. One , who was providing WBTC and USDC, lost more than $8 million to the attack.
Don't Touch Randomly Airdropped Tokens
Conducting a cryptocurrency scam is not hard. It is relatively easy to design and deploy a malicious smart contract, clone an open-source front-end, and then send the infected tokens to all potential victims. These victims will investigate where the tokens came from, as the tokens do show up on Etherscan and have a dollar value, and in following the tokens' website URL will be presented with a page requiring them to connect their wallet and sign a transaction to claim their airdrop. It is necessary to do cursory research prior to g any transactions promising free crypto, especially for large projects like Uniswap, and treat all free crypto as a potential scam.
If a respected protocol like Uniswap is going to conduct an airdrop, it will make an announcement on its blog and official social media channels. Legitimate crypto projects also very rarely conduct airdrops by "pushing" the tokens to their recipients, as it is expensive and unsafe to do. Instead, it is standard to use a "pull" method of delivery, where recipients go to the official website and collect the tokens from an airdrop page. The pull method is cheaper on the sender and much safer for the recipient, as they know where the tokens came from. Finally, legitimate projects will and their smart contract code on block explorers like Etherscan, which is the only way to know what's in a transaction without g it.
The first thing a should do if they receive tokens from a Web3, metaverse, or blockchain project is to check the project's official blog and social media channels for a post about an airdrop, and if none is announced then the tokens received should be treated as suspicious. It is important to that malicious tokens can only attack if they are interacted with. While there isn't much that can be done for the victims of the Uniswap phishing attack, everyone else should be immediately suspicious of tokens received via a pushed airdrop, as this is not an industry-standard way of conducting airdrops and is often used for phishing attacks.
Source: CoinDesk