The more you use SocialFi, the more precautions you need to safeguard your money.
News of Stars Arena (an Avalanche social app that is just a couple of weeks old) has been trending in crypto circles after it was drained of $3M in AVAX tokens. The hacker exploited the smart contract and drained all the funds from it.
The more I dived into this news, the more I came across another platform known as FriendTech, which is the predecessor of Stars Arena (Stars Arena was forked from it), and I found that a lot of users on FriendTech have lost funds to SIM swap attacks, amounting to more than a couple of thousand dollars. In this attack the smart contract is not hacked; instead, user information obtained by other means is leveraged against the user to break authentication and drain the user's funds.
What is a SIM swap attack?
In a SIM swap attack, the original user's service is transferred to another SIM that is controlled by the hacker, and all the network traffic gets diverted to this new SIM. The hacker is able to do this by tricking the cellular service provider (probably by sharing confidential information that the hacker might have gained by scraping your profile or through social engineering).
Other attacks.
A SIM swap looks a little technical, but there are many simpler attacks that are spearheaded by social engineering and can be easily dodged. These include luring someone into clicking a phishing link, or calling the person directly while impersonating a bank or government official and asking for confidential information and the OTP received on your phone. In some scenarios, thieves have even used "Enjoying Vacation" posts on social media to rob the homes of the victims.
More precautions needed in SocialFi.
If your social profile and your digital wealth are linked together in one account, then that account definitely needs more precautions to keep both the account and your digital wealth safe. Whatever is on the blockchain is in the public eye and you can do little about it, but you can at least avoid sharing other confidential information. I am just wondering about all those Facebook/Meta posts where friends wished me a happy birthday and I acknowledged my number of years. Just wondering how easily I gave away my date of birth, which acts as one of the key identifiers along with my name in many documents.
My 2 cents.
We cannot ensure 100% safety, but we can at least take precautions that make an attack harder, which mitigates the risk of being attacked in the first place. A few of the points I can think of are below:
a.) Device security: Do not download untrusted software, and have antivirus and anti-malware installed on the device to detect if something unusual is happening.
b.) Do not click unknown links and enter your details, as it can be a phishing link.
c.) Do not rush: If something looks fishy, then stop and try to validate/verify first before giving out any information.
d.) Spreading your wealth/money across multiple places is also a good idea, so as not to keep all your eggs in one basket.
e.) I think investing a high amount in an immature platform is very risky, especially where the team is unknown, the tech is new and not thoroughly checked for security vulnerabilities, and no set of regulations and guidelines exists.
f.) Do not overshare: Share only the info that is needed. I guess giving our DOB, phone numbers and address readily to unknown/unofficial platforms is really putting us at risk.
g.) Separate social and banking/government details: I think keeping different sets of email IDs and different phone numbers for your official and unofficial use further mitigates the risk, where the official email ID and phone number are never shared with unknown/unofficial platforms.
Hope you have enjoyed it and please feel free to share your views.
