Researchers believe that social engineering attacks will become more prevalent on web3 and metaverse. Web3 is a concept that has been coined to describe what might be the internet’s future face. The web has evolved from content-rich sites to the rise of social media. Now, under the Web3 banner, the notion of a decentralized internet is being debated.
The ‘metaverse,’ a 3D environment and virtual world for enhancing social relationships, whether personal or professional, might be a part of this shift. Cryptocurrency wallets, Non Fungible Tokens (NFTs), and numerous smart contracts may all be connected to your metaverse ID. While technology providers work on these concepts, Cisco Talos cybersecurity researchers have shared their thoughts on the vulnerabilities that Web3 and the metaverse may face.
The recent phishing wave that hit OpenSea users, in which victims were tricked into signing off on harmful contract transactions and turning up their NFTs, may point to the kind of attacks we’ll see more of in the future. The team’s initial topic of discussion was the usage of the Ethereum Name Service (ENS) and maybe other similar services to compress wallet addresses into a format that can be readily memorized.
As so many of us anticipate the future worth of ENS domains and register them, like ‘businessname.eth,’ these addresses might be exploited in phishing attempts, especially since ENS domains are stored on the blockchain and cannot be simply withdrawn due to trademark conflicts. Furthermore, users who register an ENS domain may include their identities, deanonymizing an address and communicating to others how much money they have in their bitcoin wallet, thereby raising their chance of being targeted by a threat actor.
Cisco Talos conducted a quick search of .ENS domain holders who made their address public and discovered a handful of ‘whales’ with large amounts of bitcoin and some very profitable NFTs. Many holders also publish their hometowns, complete names, and social media accounts, providing attackers with a more comprehensive image of people to target in social engineering schemes. Because Web3 is a novel idea that will take time for consumers to grasp, a general lack of understanding may render them more vulnerable to frauds and fraud.
While Web3 is still under development, it is worth your time to become acquainted with it, especially if you want to explore the decentralized world in the future. Basic security precautions, password managers, multi-factor authentication (MFA), and, most crucially, never handing away your seed phrases are all recommended by Cisco Talos.