CertiK warns of bogus STFX and Blur.io airdrops
Security firm CertiK has alerted users of the popular SocialFi marketplace STFX to potential ice phishing activity.
In a Feb. 22 tweet, the company said it detected a fake STFX airdrop conducted by an externally owned account (EOA) on the Ethereum (ETH) network.
Users cautioned against interacting with harmful link
CertiK warned STFX users not to interact with the address since it was allegedly associated with other fake airdrop scams.
The on-chain monitoring platform further advised anyone who had interacted with the suspicious wallet to immediately revoke any permissions they had granted.
The alleged attackers reportedly lured STFX users with a fake link to a landing page that looked eerily similar to the actual STFX website. The mocked-up website asks potential victims to claim their airdrop reward by connecting their wallets.
Beware of fake Blur.io airdrop
At the same time, CertiK has warned Blur.io users of a fake airdrop URL. According to CertiK, the URL can potentially drain any wallet with which it interacts.
The company suggested Blur.io users be extra vigilant, since bad actors could take advantage of the NFT aggregator’s highly successful airdrop to lure unsuspecting victims into thinking the fake offer was a continuation of it.
Analysts believe the recent growth of Blur’s NFT market share could usher in a spate of con artists looking to defraud eager Blur users of their hard-earned money.
Ice phishing scams on the rise
In its most recent advice report to the web3 sector, CertiK warned of the rise in ice phishing scams and highlighted precautionary steps crypto enthusiasts could take to keep their funds secure.
Ice phishing refers to a scamming method where bad actors trick crypto users into manually signing and authorizing permissions that give the scammers access to the victims’ funds.
Once they have this authorization, the scammers can move money from the victims’ accounts to any other wallet address. This differs from conventional phishing scams, where hackers obtain private keys or passwords by tricking unwary individuals into clicking on harmful links or visiting bogus websites.
CertiK has advised crypto users to avoid providing access to dodgy addresses requesting arbitrary permissions, especially when using blockchain explorer platforms like Etherscan.
Furthermore, the blockchain security firm stated that ice phishing schemes were most common on social media platforms such as Twitter, where phony personas advertise bogus airdrops while posing as legitimate projects.
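As an added illustration of the permission-signing step described above (not code from CertiK or from the original article), the sketch below decodes transaction calldata before it is signed, flags calls that grant a spender access to tokens, and recognises the zero-value calls that revoke access. The function name, allowlist, placeholder address and sample calldata are constructed for this example, and the second argument of `approve` is assumed to be an ERC-20 amount (ERC-721 uses the same selector with a token id).

```javascript
// Added example. Selectors are the first 4 bytes of keccak256 of each signature.
const APPROVAL_CALLS = {
  "095ea7b3": { name: "approve", zeroRevokes: true },            // ERC-20 amount assumed
  "39509351": { name: "increaseAllowance", zeroRevokes: false }, // common ERC-20 extension
  "a22cb465": { name: "setApprovalForAll", zeroRevokes: true },  // ERC-721 / ERC-1155
};
const MAX_UINT256 = (1n << 256n) - 1n;

// Classify what signing `data` would do to the signer's token permissions.
// `trustedSpenders` is a hypothetical allowlist the user maintains.
function classifyCalldata(data, trustedSpenders = []) {
  const hex = String(data).toLowerCase().replace(/^0x/, "");
  const call = APPROVAL_CALLS[hex.slice(0, 8)];
  // Not an approval call, malformed hex, or too short for two 32-byte words.
  if (!call || !/^[0-9a-f]+$/.test(hex) || hex.length < 8 + 128) {
    return { action: "other" };
  }
  const spender = "0x" + hex.slice(8 + 24, 8 + 64);        // low 20 bytes of word 1
  const value = BigInt("0x" + hex.slice(8 + 64, 8 + 128)); // amount or bool, word 2
  if (value === 0n && call.zeroRevokes) {
    return { action: "revoke", call: call.name, spender };
  }
  const trusted = trustedSpenders.some((a) => a.toLowerCase() === spender);
  const unlimited = call.name === "setApprovalForAll" || value === MAX_UINT256;
  return { action: "grant", call: call.name, spender, unlimited, warn: !trusted };
}

// Constructed sample input, not taken from any real transaction.
const word = (h) => h.replace(/^0x/, "").padStart(64, "0");
const UNKNOWN_SPENDER = "0x" + "11".repeat(20); // placeholder address
const SAMPLE_GRANT = "0x095ea7b3" + word(UNKNOWN_SPENDER) + "f".repeat(64);
const SAMPLE_REVOKE = "0x095ea7b3" + word(UNKNOWN_SPENDER) + word("0");

console.log(classifyCalldata(SAMPLE_GRANT));
console.log(classifyCalldata(SAMPLE_REVOKE));
```

A `grant` result with `warn: true` is the pattern ice phishing relies on: the signer hands spending rights to an address they have no reason to trust, while the `revoke` result is the shape of the transaction that withdraws such a permission.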