Phishing has been a long-standing threat in web2 environments. In web3, the process is similar: malicious actors use fake interfaces that mimic legitimate platforms, tricking users into revealing private keys or signing malicious transactions. These attacks rely on web2 weaknesses, such as spoofed domain names and fraudulent emails, to deceive users into thinking they are interacting with a legitimate decentralized platform. For example, a phishing scheme targeting a DeFi platform might use a spoofed web2 website to compromise web3 wallets and steal funds. Consequently, the overlap of these two networks creates new ways for bad actors to blend traditional phishing attacks with new technologies, posing significant threats for users who assume decentralization alone protects them.
- 0 replies
- 0 recasts
- 0 reactions
After having explored the main features of Kraken in June, the leading Web3 education hub Bitdegree continues its exploration of the crypto exchange by introducing a new Mission focused on staking. Staking is the process of either holding or locking up a certain amount of crypto assets in a specially designated crypto wallet. On Kraken, there are two staking options: on-chain and opt-in. The Mission delves into this feature through a gamified learning experience, while also offering an opportunity to win prizes. Participants who complete the Mission by September 12 will be entered into a Lucky Draw for a chance to become one of 20 lucky winners who will share a prize pool of 100 USDC. Having a higher amount of Bits, which are points that are earned by answering Mission questions correctly and completing tasks, increases a user's odds of winning in the Lucky Draw.
- 0 replies
- 0 recasts
- 0 reactions
According to dYdX, the attack has not compromised or impacted any funds traders already have on dYdX. This is because only the web domain was targeted, not the underlying smart contracts on the platform. dYdX urged users not to visit the domain or click suspicious links and clarified that dYdX v4 was not impacted or compromised. “We just learned that dYdX Exchange has been compromised. Please do not visit the website or click any links until further notice. An update will be provided when available. This message does not relate to dYdX v4.” In a separate announcement on Discord, dYdX stated that the attacker had taken over the v3 domain and deployed a copy-cat website. When users connected their wallets to the website, it asked them to approve a PERMIT2 transaction to steal their tokens.
- 0 replies
- 0 recasts
- 0 reactions