Complex Social Engineering Scams

Staying safe in the wild west of DeFi; scammers set up a fake website, fake wallet, and fake NFTs to target one high-profile DeFi user. Let's talk about the implications.

Last weekend, @thomasg.eth posted a corker of a Twitter thread providing a postmortem of a fascinating (and involved) attempted hack on himself by some pretty sophisticated actors.

The combination hack and social engineering scam lasted two weeks and nearly saw Thomas fall victim to a scam where the perpetrators would have been able to drain his primary ETH wallet. For the incredible story, take a look through his tweets; it's clear that this was not only a highly sophisticated attack, but also a complicated ruse that would have had to involve multiple players, some background research, and then some considerable work setting up the individual pieces and putting the plan into motion.

The first takeaway is that Thomas is a really smart dude who, despite coming close to falling victim, made some really savvy moves that ultimately prevented the loss of his funds. The second major takeaway is that hackers are getting increasingly sophisticated, and bold enough to target specific, high-profile users in the space. The story makes clear that anyone with a public profile in crypto needs to be especially vigilant in safeguarding against these kinds of attacks, which involve a social component. Protecting your devices and network is one thing, but users also need to think about the kinds of sophisticated attacks that rely on social engineering and some knowledge of the target's work and/or personal life.

The other thing to think about is the technical knowledge and sophistication that Thomas had in order to be able to prevent his loss of funds. It was only when he reviewed the code in question that he recognized the potential threat involved. How many users would be able to spot such a threat and understand the implications? It's pretty clear that many high-profile people in crypto – from certain investors to media figures – lack this knowledge. I certainly wouldn't want to rely on my own ability to audit code to identify a potentially malicious function.

Remaining vigilant and staying mindful of the unique threats associated with the self-custody of crypto assets is paramount for all investors in the space. Relying on threats to be unsophisticated and easy to spot is a recipe for disaster. Take a lesson from Thomas' incredible experience and stay safe out there.
