txawm tias Web3 Cov kws tshaj tawm txoj moo zoo tau ntev touted lub haiv neeg kev ruaj ntseg nta ntawm blockchain, lub torrent ntawm cov nyiaj ntws mus rau hauv kev lag luam ua rau nws ib tug tempting zeem muag rau hackers, tus dag ntxias thiab tub sab.
Thaum cov neeg ua phem ua phem ua txhaum txoj cai Web3 cybersecurity, nws feem ntau yog rau cov neeg siv saib qhov kev hem thawj feem ntau ntawm tib neeg txoj kev ntshaw, FOMO, thiab kev tsis paub, tsis yog vim qhov tsis zoo ntawm cov thev naus laus zis.
Ntau qhov kev dag ntxias cog lus loj nyiaj, kev nqis peev, lossis cov txiaj ntsig tshwj xeeb; FTC hu rau cov nyiaj tau los thiab kev nqis peev dag.
Cov nyiaj loj hauv kev dag ntxias
Raws li lub Rau Hli 2022 daim ntawv qhia los ntawm Tsoom Fwv Teb Chaws Trade Commission, tshaj $ 1 nphom hauv cryptocurrency tau raug nyiag txij li xyoo 2021. Thiab cov neeg nyiag nkas mus yos hav zoov yog qhov chaw uas tib neeg sib sau ua ke hauv online.
"Zoo li ib nrab ntawm cov neeg uas tau tshaj tawm tias poob crypto rau kev dag ntxias txij li xyoo 2021 tau hais tias nws pib nrog kev tshaj tawm, tshaj tawm, lossis cov lus hauv social media platform," FTC hais.
Txawm hais tias kev dag ntxias tuaj-ons suab zoo dhau los ua qhov tseeb, cov neeg raug tsim txom tej zaum yuav ncua kev tsis ntseeg vim muaj kev kub ntxhov ntawm kev lag luam crypto; tib neeg tsis xav plam qhov loj tom ntej.
Attackers tsom NFTs
Nrog rau cryptocurrencies, NFT cov, los yog tsis-fungible tokens, tau dhau los ua ib qho nce nrov dua phiaj rau scammers; Raws li Web3 cybersecurity ruaj khov TRM Labs, hauv ob lub hlis tom qab lub Tsib Hlis 2022, NFT cov zej zog poob kwv yees li $ 22 lab rau kev dag ntxias thiab phishing tawm tsam.
"Blue-chip" collections xws li Bored Ape Yacht Club (BAYC) yog lub hom phiaj tshwj xeeb tshaj plaws. Lub Plaub Hlis 2022, BAYC Instagram account yog hacked los ntawm scammers uas tau hloov cov neeg raug tsim txom mus rau qhov chaw uas tso lawv lub hnab nyiaj Ethereum ntawm crypto thiab NFTs. Qee 91 NFTs, nrog tus nqi sib xyaw ntawm ntau dua $ 2.8 lab, raug nyiag lawm. Lub hlis tom qab, a Discord exploit pom NFTs muaj nqis 200 ETH raug nyiag los ntawm cov neeg siv.
Cov neeg tuav BAYC uas muaj npe nrov tau poob raug kev dag ntxias, ib yam nkaus. Lub Tsib Hlis 17, tus neeg ua yeeb yam thiab tus tsim khoom Seth Ntsuab tweeted tias nws yog tus neeg raug tsim txom los ntawm phishing kws txuj ci dag uas ua rau tub sab ntawm plaub NFTs, suav nrog Bored Ape #8398. Ntxiv nrog rau qhov tseem ceeb ntawm kev hem thawj los ntawm phishing tawm tsam, nws tuaj yeem ua rau muaj kev cuam tshuam ntawm NFT-themed TV / streaming qhia tau npaj los ntawm Green, "White Nees Tavern." BAYC NFTs suav nrog cov cai tso cai siv NFT rau kev lag luam, xws li hauv rooj plaub ntawm Ntsuag & tshaib plab Tsev noj mov ceev ceev hauv Long Beach, CA.
Xav tias kuv tau minting GutterCat clones- phishing txuas saib huv si
— Seth Green (@SethGreen) Tej zaum 17, 2022
Thaum lub Rau Hli 9 Twitter Spaces kev sib tham, Ntsuab hais tias nws tau rov qab tau cov JPEG raug nyiag tom qab them 165 ETH (ntau dua $ 295,000 thaum lub sijhawm) rau tus neeg uas tau yuav NFT tom qab nws raug nyiag lawm.
"Phishing tseem yog thawj vector ntawm kev tawm tsam," Luis Lubeck, tus kws tshaj lij kev nyab xeeb ntawm Web3 cybersecurity ruaj khov, Tshuas, hais Decrypt.
Lubeck hais tias cov neeg siv yuav tsum paub txog cov vev xaib cuav uas nug txog daim ntawv pov thawj ntawm lub hnab nyiaj, cloned txuas, thiab cov phiaj xwm cuav.
Raws li Lubeck, phishing kws txuj ci dag tuaj yeem pib nrog kev tsim kho kev sib raug zoo, qhia rau tus neeg siv txog qhov pib token thaum ntxov lossis tias lawv yuav 100x lawv cov nyiaj, API qis, lossis tias lawv tus account tau ua txhaum cai thiab yuav tsum tau hloov tus password. Cov lus no feem ntau tuaj nrog lub sijhawm txwv los ua, ntxiv rau tus neeg siv kev ntshai ntawm kev ploj mus, tseem hu ua FOMO.
Hauv Green rooj plaub, phishing nres tuaj ntawm qhov txuas cloned.
Xav tias kuv tau minting GutterCat clones- phishing txuas saib huv si
— Seth Green (@SethGreen) Tej zaum 17, 2022
Clone phishing yog qhov kev tawm tsam uas tus kws dag ntxias siv lub vev xaib, email, lossis txawm tias qhov txuas yooj yim thiab tsim cov ntawv ze-zoo meej uas zoo li raug cai. Ntsuab xav tias nws tau minting "GutterCat" clones siv dab tsi los ua lub vev xaib phishing.
Thaum Green txuas nws lub hnab nyiaj rau lub vev xaib phishing thiab kos npe rau kev hloov pauv rau mint NFT, nws tau muab cov neeg nyiag nkag mus rau nws tus yuam sij ntiag tug thiab, dhau los, nws Bored Apes.
Hom Cyber Attacks
Kev ruaj ntseg ua txhaum cai tuaj yeem cuam tshuam rau cov tuam txhab thiab cov tib neeg. Txawm hais tias tsis yog ib daim ntawv teev npe tiav, cyberattacks tsom Web3 feem ntau poob rau hauv pawg hauv qab no:
- ? phishing: Ib qho ntawm cov qauv qub tshaj plaws ntawm cyberattack, phishing tawm tsam feem ntau tuaj hauv daim ntawv email thiab suav nrog kev xa cov kev sib txuas lus dag xws li cov ntawv thiab cov lus ntawm kev sib raug zoo uas tshwm sim los ntawm lub npe nrov. Qhov no cybercrime kuj tseem tuaj yeem nqa daim ntawv ntawm kev cuam tshuam lossis ua phem rau lub vev xaib uas tuaj yeem tso cov crypto lossis NFT los ntawm lub hnab nyiaj txuas nrog browser thaum lub hnab nyiaj crypto txuas nrog.
- ?☠️ ib malware: Luv luv rau siab phem software, lub kaus no lub sij hawm npog ib qho kev pab cuam los yog code teeb meem rau lub tshuab. Malware tuaj yeem nkag mus rau lub kaw lus los ntawm phishing emails, ntawv nyeem, thiab cov lus.
- ? Cov websites cuam tshuam: Cov vev xaib raug cai no raug nyiag los ntawm cov tub sab nyiag thiab siv los khaws cov malware uas tsis xav tias cov neeg siv rub tawm thaum lawv nyem rau ntawm qhov txuas, duab, lossis cov ntaub ntawv.
- ? URL Spoofing: Tshem tawm cov vev xaib cuam tshuam; spoofed websites yog cov chaw phem uas yog clones ntawm cov websites raug cai. Kuj hu ua URL Phishing, cov chaw no tuaj yeem sau cov npe siv, passwords, credit cards, cryptocurrency, thiab lwm yam ntaub ntawv tus kheej.
- ? Fake Browser Extensions: Raws li lub npe qhia, cov kev siv dag zog no siv cov browser cuav txuas ntxiv rau dupe crypto-cov neeg siv nkag mus rau hauv lawv cov ntawv pov thawj lossis cov yuam sij rau hauv qhov txuas ntxiv uas muab kev nkag mus rau cybercriminal rau cov ntaub ntawv.
Cov kev tawm tsam no feem ntau yog tsom rau kev nkag mus, nyiag, thiab rhuav tshem cov ntaub ntawv rhiab lossis, hauv Green's case, Bored Ape NFT.
Koj tuaj yeem ua dab tsi los tiv thaiv koj tus kheej?
Lubeck hais tias txoj hauv kev zoo tshaj los tiv thaiv koj tus kheej los ntawm phishing yog tsis txhob teb email, SMS ntawv, Telegram, Discord, lossis WhatsApp lus los ntawm tus neeg tsis paub, tuam txhab, lossis tus account. "Kuv yuav mus ntxiv dua qhov ntawd," Lubeck ntxiv. "Tsis txhob nkag mus rau daim ntawv pov thawj lossis cov ntaub ntawv tus kheej yog tias tus neeg siv tsis tau pib kev sib txuas lus."
Lubeck pom zoo kom tsis txhob nkag mus rau koj daim ntawv pov thawj lossis cov ntaub ntawv ntiag tug thaum siv pej xeem lossis sib koom WiFi lossis network. Tsis tas li ntawd, Lubeck qhia Decrypt hais tias tib neeg yuav tsum tsis txhob muaj qhov tsis tseeb ntawm kev ruaj ntseg vim tias lawv siv cov kev khiav hauj lwm tshwj xeeb lossis hom xov tooj.
"Thaum peb tham txog cov kev dag ntxias no: phishing, webpage impersonation, nws tsis muaj teeb meem yog tias koj siv iPhone, Linux, Mac, iOS, Windows, lossis Chromebook," nws hais. “Npe lub cuab yeej; Qhov teeb meem yog qhov chaw, tsis yog koj lub cuab yeej. "
Khaws koj cov crypto thiab NFTs nyab xeeb
Cia peb saib ntxiv "Web3" phiaj xwm nqis tes ua.
Thaum ua tau, siv kho vajtse lossis cua-gapped lub hnab khaws cov cuab tam digital. Cov cuab yeej no, qee zaum tau piav qhia tias yog "kev cia txias," tshem koj lub crypto txiaj hauv internet kom txog thaum koj npaj siv nws. Thaum nws muaj ntau thiab yooj yim siv browser-raws li hnab nyiaj nyiam MetaMask, nco ntsoov, txhua yam txuas nrog hauv internet muaj peev xwm raug hacked.
Yog tias koj siv lub xov tooj ntawm tes, browser, lossis lub hnab nyiaj desktop, tseem hu ua lub hnab nyiaj kub, rub tawm lawv los ntawm cov chaw haujlwm xws li Google Play Store, Apple's App Store, lossis cov vev xaib raug pov thawj. Tsis txhob rub tawm los ntawm cov ntawv txuas xa los ntawm cov ntawv lossis email. Txawm hais tias cov apps phem tuaj yeem nrhiav lawv txoj hauv kev mus rau hauv cov khw muag khoom, nws muaj kev nyab xeeb dua li siv cov kev sib txuas.
Tom qab ua tiav koj qhov kev sib pauv, txiav lub hnab nyiaj ntawm lub vev xaib.
Nco ntsoov khaws koj cov yuam sij ntiag tug, cov kab lus noob, thiab cov passwords ntiag tug. Yog tias koj raug hais kom qhia cov ntaub ntawv no los koom nrog kev nqis peev lossis minting, nws yog kev dag ntxias.
Tsuas yog nqis peev rau tej yaam num uas koj nkag siab. Yog tias nws tsis paub meej tias lub tswv yim ua haujlwm li cas, nres thiab ua kev tshawb fawb ntxiv.
Tsis quav ntsej cov tactics siab thiab nruj sijhawm. Feem ntau, cov scammers yuav siv qhov no los sim thiab thov FOMO thiab tau txais cov neeg raug tsim txom tsis txhob xav txog lossis tshawb fawb txog qhov lawv tau hais.
Qhov kawg tab sis tsis kawg, yog tias nws suab zoo dhau los ua qhov tseeb, nws yog qhov kev dag ntxias.
Nyob rau saum cov xov xwm crypto, tau txais kev hloov tshiab txhua hnub hauv koj lub inbox.
Tau qhov twg los: https://decrypt.co/resources/cybersecurity-in-web3-protecting-yourself-and-your-ape-jpeg