Disclaimer: The opinions expressed by our writers are their own and do not represent the views of U.Today. The financial and market information provided on U.Today is intended for informational purposes only. U.Today is not liable for any financial losses incurred while trading cryptocurrencies. Conduct your own research by contacting financial experts before making any investment decisions. We believe that all content is accurate as of the date of publication, but certain offers mentioned may no longer be available.
Web3’s decentralized nature has paved the way for a new generation of applications based on the concept of digital ownership. But although decentralization is an enticing proposition for many, it also favors malicious individuals who can perpetrate hacks and scams with little fear of any comebacks.
Securing the brand from impersonators: Why is it crucial for Web3?
One of the biggest risks facing Web3 users today is brandjacking, where malicious actors use a combination of phishing attacks and fake websites to deceive users into connecting their wallets to a smart contract that immediately drains their funds.
Phishing itself is an old-school technique that involves sending an email or message to unsuspecting users. The message generally purports to be from an official source, such as a company’s customer service representative. It will usually try to trick users into clicking onto a link that takes them to the company’s “website”, but in fact it’s not the genuine article. Rather, it’s a fake website that’s designed to look and feel like the real thing, and the end goal is to try and get victims to enter their personal information, or in the case of Web3, connect their wallet to the site.
When victims connect their Web3 wallet to a fake website, the attackers gain unrestricted access to their funds and will invariably transfer the entire contents to the hacker’s personal wallet. Due to the decentralized nature of Web3, there’s very little anyone can do to recover their funds.
Such attacks are becoming alarmingly common. In Q1, 2023, an incident was reported that saw scammers clone the websites of the Ethereum blockchain explorer Etherscan and the crypto news platform Blockworks. It was a fairly elaborate scam, with the fake Blockworks site posting a headline about a multi-million dollar approvals exploit on the popular decentralized exchange Uniswap. Users who clicked the link and read the fake story were then encouraged to visit Etherscan and connect their wallets to rescind approvals and avoid becoming a victim.
However, an investigation by the blockchain security firm Beosin found that the Etherscan clone was linked to a wallet drainer, which is a malicious kind of smart contract that drains user’s funds as soon as they connect. Luckily, the drainer was set up incorrectly, and so the hackers were unable to steal anyone’s funds.
Although the hackers failed to steal anything in that particular case, it was not an isolated incident. Similar attacks recently saw scammers steal millions of dollars from crypto users by creating a fake version of the crypto media publication Decrypt, while a report from Netskope last year identified clones of numerous crypto exchange platforms, including Coinbase, Kraken and Gemini, as well as the popular crypto wallet MetaMask.
Web2 Steps Up To Aid Web3
Brands can protect themselves from such attacks to a degree using cybersecurity tools that will integrate a watermark on their websites, informing their users that they’re interacting with the official platform, but these kinds of solutions only go so far. For instance, many users might be unaware that the official website uses a watermark, meaning they won’t notice it is missing if ever they’re directed to a fake version.
The problem of brand impersonation is a glaring weakness that Web3 needs to solve if it’s ever to become mainstream, and so it’s somewhat ironic that Web2 cybersecurity firms like Memcyco are stepping up to solve this challenge for decentralized platforms.
Memcyco is focused on increasing digital trust between companies and their customers and can do the same for Web3 users. In addition to its personalized digital watermark technology, it also provides brands with real-time detection capabilities that can identify cloned websites as soon as they pop up online.
In this way, Memcyco is able to close the “window of exposure”, which refers to the time it takes for a fake site to be spotted and taken down after it goes live. Usually brands would not identify these fake sites until they start claiming victims (and in most cases not even then,) which means that the affected brand can only deal with such incidents after the event, and only after they have already suffered reputational damage.
Alongside its real-time detection capabilities, Memcyco also employs real-time “popups”, alerting unsuspecting users to the fact they’re actually on a suspicious website. This is extremely useful, because it can often take several weeks for companies to take down a cloned website, as the process involves having to prove to domain registrars that the site is fraudulent. Memcyco counteracts delays by ensuring its red alerts will notify anyone visiting the fake site until it is taken offline.
It’s time for Web3 brands to look into adopting these kinds of real-time detection services to protect their users and strengthen digital trust – even if they are “Web2 tools”. In the meantime, cautious users can minimize their chances of becoming the next victim by staying alert.
For anyone interacting with Web3, it’s vital to always be wary of unsolicited emails or messages that come from official-looking sources, including brands and influencers. If ever you’re invited to click on a link, always check that the URL is genuine.
Other precautions users can take include using a hardware wallet to store the bulk of their crypto funds and NFTs offline, where they cannot be stolen. Finally, be sure to keep yourself up to date with all of the latest crypto security news. Hackers are constantly innovating, and so the onus is on ourselves to be aware of the latest phishing techniques they’re using.
Alex Dovbnya
