With millions of dollars worth of assets being lost to phishing attacks after signing malicious permissions, the threat of losing crypto assets to questionable links is very real. When these are paired with platforms that allow hidden links, users are subjected to a different kind of risk.
On Sept. 4, Web3 security provider Pocket Universe shared how scammers are able to hide wallet drainer links in any text on the instant messaging platform Discord. While some users report that the feature has only been enabled for Discord users recently, the ability to embed links in any text has been available on many different social platforms for a while now.
Scammers can now hide links in any discord text ☠️
Watch out for hidden wallet drainer links
e.g. 👇 pic.twitter.com/mgqG18sOF9— Pocket Universe 🟣 (@PocketUniverseZ) September 4, 2023
Christian Seifert, who works as a researcher in residence at Web3 security firm Forta Network, said that this type of attack has been the bread and butter of hackers since the internet was created. He explained:
“Whatever a platform creates, there will be a hacker ready to find a way to hack it. Hyperlinks with text are a feature supported as part of HTML and have been a source for phishing attacks since the early days of the internet.”
According to Seifert, security requires an in-depth defense approach. “Both platforms and users need to work towards protecting themselves,” he said. From the user’s side, the security professional highlighted that there are plugins that they can use to protect themselves from such scams.
When it comes to Discord, Seifert pointed out that the platform does provide information on the true destination of the URL after the user clicks on it. However, the platform also allows users to “trust” a domain going forward. This can be abused by scammers, according to Seifert. He explained:
“Imagine a domain like foo.bar, which the user trusted. A scammer can craft a potentially malicious link that performs some action on this domain, such as an ‘oauth’ request to the scammer, like foo.bar/oauth/scammer-account.”
The cybersecurity professional said that an issue with the platform’s current implementation is that links and text can be deceptive and misaligned with users’ expectations. “If a text link clearly resembles a domain or URL and it is mismatched to the true destination URL, Discord should disallow such links,” he added.
Meanwhile, Hugh Brooks, director of security operations at the blockchain security firm CertiK, echoed some of Seifert’s sentiments. According to Brooks, users and platforms have a collective responsibility to watch out for malicious actors. He explained that it’s essential for platforms to continually review and refine their security features and for users to stay vigilant and educated.
For users, Brooks said that they should be proactive and cautious when it comes to links, especially when being asked for signatures and permissions. The executive urged users to verify the authenticity of the site address before giving it access to crypto wallets. Brooks shared:
“A good practice is to cross-check web addresses with recognized phishing warning lists. PhishTank, Google Safe Browsing and OpenPhish are valuable resources here, along with browser extensions like HTTPS Everywhere and ad blockers like uBlock.”
Brooks explained that these tools can alert users in real time whenever they are about to visit known phishing or malicious websites. “Furthermore, by simply hovering over a URL link, the actual web address will be displayed, allowing users to confirm its legitimacy before engaging further,” he added.
On the platform’s side, the cybersecurity professional said that there are measures that can be implemented, such as being able to only receive messages from trusted contacts. Brooks said that a good example of this is Meta’s “Facebook Protect,” which lets users have heightened security features for their accounts.
“As the saying goes, the only constant is change. Platforms owe it to their users and to their continued relevance to make security a priority. This involves not only updating security measures but also fostering a culture of vigilance and awareness among users,” he added.
