(also phishing on the blockchain)
Ice phishing definition
Ice phishing is a type of scam targeting the people who use cryptocurrency or the blockchain. The goal is to trick a user to sign a malicious smart contract that would let the attacker steal cryptocurrency tokens from wallets and send them to their own address instead of the rightful owner’s address.
How to protect yourself against ice phishing:
- Access dApps (decentralized apps that run on blockchain) and services through confirmed URLs to avoid phishing and domain squatters.
- Double-check the address on your smart contract regularly, both on the contract’s front-end appearance and in transaction details elsewhere.
- Opt for smart contract auditing to ensure the security and correctness of your contracts.
- When signing a transaction using Metamask or any wallet, carefully review the transaction details to confirm it performs the desired actions.
- For long-term holdings like valuable NFTs, store them in cold storage, while keeping cash for transactions and active dApps in a separate hot wallet.
- Look for incident response buttons like pause/unpause in your smart contracts for better control.
- When sending payments or granting access to crypto assets, verify the contract hash using Etherscan or blockchain analytics to ensure it’s the correct entity.
- Always interact with official corporate employees and be cautious of anyone claiming to be customer support on social media or Discord. Verify with the project via recognized email and social media channels if in doubt.