Blockchain News

5 Sneaky Tricks Crypto Phishing Scammers Used Last Year: SlowMist

SlowMist discovered that nearly a third of the 303 recorded blockchain security incidents in 2022 were made up of phishing attacks, rug pulls, and scams.

SlowMist, a blockchain security firm, has identified five common phishing techniques used by crypto scammers on victims in 2022, including malicious browser bookmarks, phony sales orders, and trojan malware spread via the messaging app Discord.

According to a Jan. 9 SlowMist blockchain security report, the security firm recorded 303 blockchain security incidents in the year, with 31.6% of these incidents caused by phishing, rug pull, or other scams.

One of the phishing techniques makes use of bookmark managers, which are available in most modern browsers.

According to SlowMist, scammers have been using these to gain access to a project owner’s Discord account.

“Attackers can potentially gain access to a Discord user’s information and take over the permissions of a project owner’s account by inserting JavaScript code into bookmarks via these phishing pages,” the firm wrote.

After guiding victims through a phishing page to add the malicious bookmark, the scammer waits until the victim clicks on the bookmark while logged into Discord, which activates the implanted JavaScript code and sends the victim’s personal information to the scammer’s Discord channel.

During this process, the scammer can steal a victim’s Discord Token (the encrypted combination of a Discord username and password) and gain access to their account, allowing them to post fake messages and links to other phishing scams while posing as the victim.

According to SlowMist, 22 of the 56 major NFT security breaches were the result of phishing attacks.

One of the more common methods used by scammers is to trick victims into signing over NFTs for next to nothing by using a phony sales order.

After the victim signs the order, the scammer can buy the user’s NFTs through a marketplace at a price they set.

“Unfortunately, deauthorizing a stolen signature through sites like Revoke is not possible,” SlowMist wrote.

“However, you can deauthorize any previously set up pending orders, which can help mitigate the risk of phishing attacks and prevent the attacker from using your signature.”

According to SlowMist, this type of attack typically occurs via private Discord messages in which the attacker invites victims to participate in testing a new project before sending a program in the form of a compressed file containing an executable file of approximately 800 MB.

Following the download, the program will scan for files containing key phrases such as “wallet” and upload them to the attacker’s server.

“”The latest version of RedLine Stealer can also steal cryptocurrency by scanning for installed digital currency wallet information on the local computer and uploading it to a remote control machine,” said SlowMist.

“In addition to stealing cryptocurrency, RedLine Stealer can upload and download files, execute commands, and send back periodic information about the infected computer.”

Scammers can use your private key to sign any transaction they want using this phishing attack. When you connect your wallet to a scam site, a signature application box with a red warning from MetaMask may appear.

After signing, attackers gain access to your signature, allowing them to create any data and request that you sign it using eth sign.

“This type of phishing can be extremely perplexing, particularly when it comes to authorization, “said the company.

In this scam, attackers airdrop small amounts of tokens, such as.01 USDT or 0.001 USDT, to victims with similar addresses, except for the last few digits, in the hopes of tricking users into accidentally copying the wrong address in their transfer history.

The remainder of the 2022 report focused on other blockchain security incidents that occurred during the year, such as contract vulnerabilities and private key leakage.

In the year, there were approximately 92 attacks using contract vulnerabilities, totaling nearly $1.1 billion in losses due to flaws in smart contract design and hacked programs.

Private key theft, on the other hand, accounted for roughly 6.6% of attacks and resulted in at least $762 million in losses, with the Ronin bridge and Harmony’s Horizon Bridge hacks serving as prominent examples.


Crypto products and NFTs are unregulated and can be highly risky. There may be no regulatory recourse for any loss from such transactions. Crypto is not a legal tender and is subject to market risks. Readers are advised to seek expert advice and read offer document(s) along with related important literature on the subject carefully before making any kind of investment whatsoever. Crypto market predictions are speculative and any investment made shall be at the sole cost and risk of the readers.