In the so-called Metaverse or Web 3.0, a lot of things are supposed to be different. What stays the same: cybercriminals will try to do harm here too. This is shown by analyses from Talos, the cybersecurity branch of Cisco.
The Internet as we know it is evolving. How lasting the change will be remains to be seen. In any case, the so-called Web 3.0 with blockchain, cryptocurrencies and decentralized data storage will provide the technical basis for the Metaverse, a new 3D virtual space for digital encounters and commercial as well as electronic exchanges. More and more users are already experimenting with NFTs (non-fungible tokens) or cryptocurrencies.
While the coming upheaval will be significant, one thing seems certain: the Metaverse will also be teeming with hackers, phishers, and scammers. Cisco Talos, the networking giant’s ICT security arm, analyzed the specific dangers that lie in wait for Web 3.0 and examined the new virtual space for its weaknesses. Conclusion: The Metaverse brings new technologies, but also old problems.
Web 3.0: playground for cybercriminals
Specifically, Cisco Talos lists the following security risks:
- ENS DNS Domains for Cryptocurrency Wallets. The chosen ENS (Ethereum Name Service) name could break anonymity and reveal the identity of the owner of the virtual wallet address. ENS names such as “DebbieSmith.eth” are often seen on Twitter profiles, which makes it possible to determine that person’s balance and can attract cybercriminals. 3.8% of .eth addresses found by Talos contained more than $100,000 in Ethereum, while 9% of addresses contained more than $30,000.
- Social engineering attacks, especially via social networks, where users are lured into acting without thinking. This works particularly well with new technologies that users are not yet very familiar with. Examples include wallet cloning, MetaMask support scams and attacks on “whale” accounts with large amounts of cryptocurrencies.
- Malicious smart contracts. Attackers write their own malware, which resides on the blockchain in the form of malicious smart contract code. Examples include “sleepminting” (faking the origin of an NFT) and attackers tricking users into granting access to their wallets without handing over the digital asset.
- Active attacks on keyphrases (Recovery Word List) and intentional spying on wallet seed phrases.