The developers of Scam Sniffer have issued an alert about a phishing attack affecting Usual Protocol users. Find out how this threat works and how you can protect yourself.
Recently, the developers of Scam Sniffer, a tool specialized in detecting scams in the Web3 ecosystem, issued an alert about a phishing attack affecting Usual Protocol users, a decentralized protocol that issues a stablecoin backed by real-world assets, designed to navigate the DeFi ecosystem.
According to the Scam Sniffer report, attackers are using fraudulent ads on google to trick users into redirecting them to fake websites. Their goal is to get them to connect their cryptocurrency wallets and Web3, which could result in their digital assets being stolen if they fall for it. The developers warn that these misleading ads can Compromise the security of cryptocurrency wallets by requesting malicious connections and transaction signatures.
Pudgy Penguins and Yat Siu, from Animoca Brands, also affected by phishing
Last week, Scam Sniffer also warned about A similar attack targeted Pudgy Penguins users, one of the most successful NFT collections in the crypto industry. In this ///, a user was redirected to a fake version of the official Pudgy Penguins website via a news portal in Singapore. This incident prompted a thorough investigation by the Scam Sniffer team, revealing that this was part of a broader malicious advertising campaign.
Reports about these campaigns highlight that attackers are employing sophisticated techniques to trick users into stealing their digital assets. Such attacks not only put Pudgy Penguins holders at risk but also serve as a warning to the entire crypto community, Scam Sniffer experts said. The methodology used is easily adaptable and could affect other projects in the crypto ecosystem. A recent example is the case of Yat Siu, co-founder of Animoca Brands, who was also the victim of a phishing attack a few days ago.
How does a phishing attack work?
The phishing attack targeting Usual Protocol users bears worrying similarities to the one that affected Pudgy Penguins users last week.
According to the Web3 platform report, these attacks are executed through a series of meticulously orchestrated steps, starting with the Posting malicious ads on the Google Ad NetworkExperts warn that although these ads appear legitimate, they are fraudulent and their sole purpose is to lure users to fake websites to steal their assets.
When you click on the fraudulent ad, it loads a malicious code that checks if the user has a Web3 wallet connected. If a Web3 wallet is detected, the user is automatically redirected to a fake website that mimics the official website of the projector, like Usual Protocol or Pudgy Penguins. Typically, the domain of these fraudulent sites features only a subtle but dangerous variation of the legitimate domain, designed to confuse users.
Once on the fake site, users are tricked into connecting their wallets or making transactions, allowing attackers to steal their funds.
Experts stress that this attack method has proven to be particularly effective because it exploits the trust that users have in recognized platforms and the Visual similarity between legitimate and fraudulent sitesTherefore, it is essential that the crypto community remains alert and takes preventive measures to protect its digital assets.
A methodology that could affect other projects in the crypto ecosystem
As mentioned above, the attack targeting Usual Protocol is not an isolated case. When the phishing attack was reported to Pudgy Penguins users, Scam Sniffer developers warned that the methodology employed by cybercriminals was flexible enough to be adapted to other projects within the Web3 ecosystem. Indeed, this type of attack has already affected prominent figures in the industry.
A recent example is the case of Yat Siu, co-founder of Animoca Brands, who fell victim to a phishing attack. According to blockchain researcher ZachXBT, the scam token used in the attack against Siu was deployed by the same address that has been linked to other phishing incidents in the past. This suggests that the attackers are using a coordinated strategy to exploit multiple projects and users in the crypto industry.
Security tips to protect yourself from phishing
With phishing attacks becoming more sophisticated, security experts, including the Scam Sniffer team, have issued a number of key recommendations to protect users.
First of all, they recommend to users Always check the URL before connecting your wallets or making any transactions. This is in order to ensure that they are on the official website. In addition, they recommend use an ad blocker, as they can help prevent the loading of malicious ads that could redirect users to fake websites.
Another important aspect that cybersecurity experts recommend is Use a separate web browser to manage your digital assets and cryptocurrenciesBy keeping a dedicated browser for cryptocurrency-related activities, users can reduce the risk of exposure to this and other threats in the sector.
In addition, they recommend Install security extensions, such as Scam Sniffer, which can help detect and prevent access to fraudulent websites. Finally, experts recommend that cryptocurrency users stay informed about the latest threats in the digital world, in order to become aware of the existing risks.
Safety is everyone's responsibility
The recent phishing attacks targeting Usual Protocol and Pudgy Penguins users is a stark reminder of the risks we face in the Web3 ecosystem. However, with the right tools and a proactive approach, we can minimize these risks and protect our digital assets.
Security is not just the responsibility of developers or platforms; it is a collective effort that requires the active participation of the entire community. That is why experts always recommend verifying URLs, using security tools, and staying informed about the latest trends and threats, in order to build a safer and more resilient ecosystem against cyber threats.
