The Badger DAO attack last November and December—during which an attacker stole about $121 million from users—is a good example of “ice phishing” on the blockchain. If that term conjures up images of plaid and puffy coat-clad folks huddled around a hole atop a frozen Minnesota lake, well, that image wouldn’t be too far off-base.
Ice phishing has the same chilling effect to defenders as standing on a North Country lake dropping a line through the ice, at least according to details provided in a blog post by Chris Seifert, principal research manager and a member of the Microsoft 365 defender research team, who argued that the Badger DAO incident is further evidence that security must be built into Web3, even though it’s still in its early phases.
The ice phishing technique Seifert referred to “entails tricking a user into signing a transaction that delegates approval of the user’s tokens to the attacker,” he wrote. “This is a common type of transaction that enables interactions with decentralized finance (DeFi) smart contracts, as those are used to interact with the user’s tokens (e.g., swaps),” Seifert said.
Once “approval has been granted, it permits the Uniswap V3: Router 2 smart contract to transfer USDC tokens on the user’s behalf to execute the swap,” he said. “In an ‘ice phishing’ attack, the attacker merely needs to modify the spender address so that it is the attacker’s address. This can be quite effective, as the user interface doesn’t show all pertinent information that can indicate that the transaction has been tampered with.”
After an approval transaction is “signed, submitted and mined, the spender can access the funds. In case of an ‘ice phishing’ attack, the attacker can accumulate approvals over a period of time and then drain all victim’s wallets quickly,” said Seifert, which is exactly what happened with Badger DAO.
“The attacks outlined by Microsoft take advantage of the ‘need for speed’ in the cryptocurrency and Web 3.0 world—both in the exploitation of urgency and loss aversion to socially engineer the user and convince them to sign the transaction and in the omitted security controls which allowed access to Badger’s CDN and the injection of malicious code in the first place,” said Casey Ellis, founder and CTO at Bugcrowd. “Speed is the natural enemy of good security, unless security fundamentals, including continuous feedback from the security research community and continuous education of the user to ‘make secure easy, and insecure obvious,’ are baked in from the start.”
While Web2 users are typically nicked by using a number of phishing emails to direct users to an illegitimate website, Web3 attackers typically employee different tactics to coax cryptocurrency users to cough up private keys, including, Seifert said:
- Monitoring social media for users reaching out to wallet software support and jumping in with direct messages spoofing support to steal one’s private key directly
- Distributing new tokens for free to a set of accounts (i.e., “Airdrop” tokens), and then failing transactions on those tokens with an error message to redirect to a phishing website or a website that installs coin mining plug-ins that steal your credentials from your local device
- Typosquatting and impersonating legitimate smart contract frontends
- Impersonating wallet software and stealing private keys directly
Hank Schless, senior manager, security solutions at Lookout, noted that phishing attacks are always evolving, and said ice phishing showed that “attackers are again adjusting their tactics to target individuals in the new Web3 world.”
Since Web3 is a new concept, “attackers can rely on the unfamiliar environment to increase the likelihood of success,” said Schless. “This is a common tactic, as targeted individuals may not know exactly what red flags to look for in the same way they do with a suspicious social media message.”
“Web3 reflects an architectural shift decentralizing management of platforms,” said Archie Agarwal, founder and CEO at ThreatModeler. “As platforms decentralize, the organizations that manage them will have to find ways to federate replacement controls for those they had centrally deployed. Whereas a legacy cash app may have incorporated contract verification, fraud detection or customer remedy; the mitigation described for the Badger UI exploitation is for users to conduct manual verification of proposed contracts on their own using a third-party app.”
As a result, “when organizations design such tectonic shifts in their architecture (like the aggressive decentralization of Web3), it’s incumbent on them to model the threats and adjust their security controls that such a shift will expose,” said Agarwal. “In the case of the Badger UI exploitation, the coin platform simply hasn’t designed and incorporated the controls necessary for the user to validate an action in their untrusted UI before transferring their coin assets.”
To safeguard against ice phishing attacks, Microsoft’s Seifert said Web3 projects and wallet providers should boost usability so that users are able to review the smart contract they are interacting with and be able to answer the following questions.
- Is the contract address correct? Unfortunately, one can’t rely on the smart contract front-end to interact with the right smart contract. One needs to check the contract address that appears in the transaction to be signed before it is submitted. This is an area where wallet providers can innovate and add a layer of security.
- Has the smart contract been audited? Several websites can help with that assessment, such as defiyield.
- Is the contract upgradable (in other words, is it implemented as a proxy pattern) such that when bugs are uncovered, the project can deploy fixes? Etherscan’s contract tab shows whether the smart contract has been implemented as a proxy.
- Does the smart contract have incident response or emergency capabilities, like pause/ unpause? Under what conditions are these triggered?
- What are the security characteristics of the smart contract after deployment? CertiK Skynet tracks post-deployment security intelligence through on-chain monitoring.
Seifert also recommended making it easier for users to manage cryptocurrencies and tokens through multiple wallets and/or periodically review and revoke token allowances.