Play-to-earn games, one of the biggest revolutions of Web3, are increasingly attracting hackers, who attempt to steal funds by attacking smart contracts.
Hackers and Web3 gaming: strengths and vulnerabilities
The so-called Web3 is revolutionizing the world of gaming, in particular through play-to-earn, which allows gamers to earn NTFs and cryptocurrencies by linking their virtual wallet to the platform they play on.
The possibility of earning money by playing games attracts more and more users and companies, with turnover rising to EUR 2.2 billion.
However, this also attracts the attention of hackers, who are finding new ways to attack these games in an attempt to steal funds from players. An example of this is the well-known attack that stole over 600 million dollars from the video game Axie Infinity in cryptocurrencies and stablecoins.
Ermes – Intelligent Web Protection conducted research to monitor this phenomenon. It is an Italian company selected by Gartner as one of the top 100 global companies that exploit artificial intelligence for cybersecurity.
The fact is that in Web3 games, users can operate in an environment not controlled by a central authority. According to Ermes, this exposes youngsters to inappropriate content and hides the risk of scams, data manipulation and identity cloning.
The 5 cyber threats identified by Ermes’ research
Cryptojacking
The first is actually an attack that has already been around for several years. It is known as cryptojacking, an attack that aims to install software on users’ devices that allows them to use their computing power to mine cryptocurrencies.
It is an attack designed to remain completely hidden from its victims, so much so that often the only thing they notice is a significant slowdown in the operation of the device.
It is an attack that effectively robs the user of resources such as electricity and computing power in order for the hacker to make money through mining.
The social engineering scam
The second is now a classic online scam, the so-called social engineering. This involves mainly psychological techniques that exploit certain known human weaknesses in order to consciously or unconsciously gain access to personal information or protected systems from the user.
It is to all intents and purposes based on the manipulation of victims, usually through a pretext or a false motive that usually involves real data of the victims, such as date of birth, social security number, etc.
The goal is to acquire information either for resale on the dark web, or more often to gain access to systems and platforms on which to carry out other thefts of funds or information.
The famous ransomware
The third has become all too familiar of late, namely ransomware. Quite simply, this is a virus that takes control of the user’s device and encrypts the data stored on it. In this way, the user loses access to his device, and the hacker then demands a ransom to return it to him.
However, it is important to mention that large companies are usually the preferred target of ransomware, from which large sums of money are demanded as ransom.
The threat of adware
A threat that is often underestimated is adware, i.e. seemingly harmless viruses that, once installed on users’ devices, merely show advertisements. Adware is unwittingly and unknowingly downloaded by users, and is usually also programmed to collect information on what the user does on his device.
Not only do they make them display unsolicited advertisements, but they also send the hacker the information collected directly on the user’s device.
A complex phishing technique
The fifth threat is relatively new, and consists of a phishing technique that is very difficult to detect. It is called browser-in-the-browser, and allows attackers to superimpose fake login screens on normal web pages of legitimate services, which only serve the hacker to get the user to unwittingly give him his login credentials.
If, for instance, they were to obtain the seed of a crypto wallet in this way, they could then use it to steal all the funds held in it from the user.
Speaking of these findings, Ermes CEO and co-founder Lorenzo Asuni said:
“Artificial intelligence will play a dominant role in the evolution of Web3. One of the keys to the potential success of gaming 3.0, in fact, is the promise of highly immersive experiences even for people with disabilities: we are no longer talking about simple video games, but increasingly immersive experiences capable of breaking down the boundaries between the offline and online worlds and creating a single reality. Our R&D team will be focused on devising new safety technologies designed to protect people in a new experience: we believe that everyone has the right to be able to navigate safely, even in gaming 3.0”.
Source: https://en.cryptonomist.ch/2022/05/28/different-hackers-web3/