Web3 and other blockchain-powered markets are still in their infancy, with most of the underlying technologies, economic models and coding architectures still being improved, tested and updated. While this is normal for an emerging market and technology, there are always loopholes that bad actors can exploit to attack their victims. In particular, scammers use social engineering tactics to manipulate users’ emotions and create a sense of trust and urgency.
At the beginning of 2023, bug bounty platform Immunefi estimated that the Web3 ecosystem lost around $3.9 billion to scams and hacking attacks in 2022, with decentralized finance (DeFi) being the most targeted sector, suffering 80% of the calculated losses.
Losses by quarter in 2022. Source: Immunefi Report
In the ever-evolving landscape of blockchain technology, two pivotal issues stand out that demand users’ attention and a solution-oriented approach. The first revolves around the stealthy seizure of token approvals, often unbeknownst to actual contract owners. This practice leverages complex contract features to manipulate token approvals without alerting the rightful owner, thereby compromising the security and integrity of their digital assets.
The second significant hurdle facing Web3 users comes in the form of scam tokens. These fake digital assets aim to mimic popular projects and deceive investors. When popular Web3 projects share the contract addresses of their tokens on social media upon release, users can go to a marketplace and find the token by its contract address. At this stage, malicious individuals can create fake tokens with names and addresses that are similar to the real ones, which may pop up in the search results on a marketplace and
Read more on cointelegraph.com
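A check against the lookalike tokens described above, as an added example that is not part of the original article: it compares marketplace search results with the contract address a project published and flags entries that reuse the token name or match only in the truncated form many interfaces display. The token name, the addresses and the function names are constructed for illustration.

```python
import re
from typing import NamedTuple

ADDR_RE = re.compile(r"0x[0-9a-fA-F]{40}")  # 20-byte address as 40 hex characters


class Listing(NamedTuple):
    name: str
    address: str


def short_form(address: str, keep: int = 4) -> str:
    """Truncated form many wallet and marketplace UIs show (0x1234...5678)."""
    body = address[2:].lower()
    return f"0x{body[:keep]}...{body[-keep:]}"


def classify(official: Listing, candidate: Listing) -> str:
    """Compare one search result with the address the project itself published."""
    if not ADDR_RE.fullmatch(candidate.address):
        return "invalid-address"
    # Only the full address identifies a contract; hex letter case is not significant.
    if candidate.address.lower() == official.address.lower():
        return "official"
    # Token names are free text chosen by the deployer, so a matching name proves nothing.
    same_name = candidate.name.strip().casefold() == official.name.strip().casefold()
    # A different contract can still agree on the few characters a truncated display shows.
    same_short = short_form(candidate.address) == short_form(official.address)
    return "lookalike" if same_name or same_short else "unrelated"


# Constructed sample data: the "official" address stands for the one a project announced.
OFFICIAL = Listing("Example Token", "0x1234" + "a" * 32 + "5678")
SEARCH_RESULTS = [
    Listing("Example Token", "0x1234" + "A" * 32 + "5678"),  # same contract, other case
    Listing("Example Token", "0x9f" + "0" * 38),             # copied name, other contract
    Listing("Examp1e Token", "0x1234" + "b" * 32 + "5678"),  # same truncated display
    Listing("Other Coin", "0x" + "c" * 40),
    Listing("Example Token", "0x1234"),                      # not a full address
]


def review(official: Listing, results: list[Listing]) -> list[str]:
    """Return one verdict per search result, in order."""
    return [classify(official, r) for r in results]


if __name__ == "__main__":
    for listing, verdict in zip(SEARCH_RESULTS, review(OFFICIAL, SEARCH_RESULTS)):
        print(f"{verdict:16} {listing.name:14} {listing.address}")
```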