With millions of dollars worth of assets being lost to phishing attacks after signing malicious permissions, the threat of losing crypto assets from questionable links is very real. When these are paired with platforms allowing hidden links, users are subjected to a different kind of risk.
On Sept. 4, Web3 security provider Pocket Universe shared how scammers are able to hide wallet drainer links on any text on the instant messaging platform Discord. While some users report that the feature has only been enabled for Discord users recently, the ability to embed links on any text has been available on many different social platforms for a while now.
Scammers can now hide links in any discord text ☠️
Watch out for hidden wallet drainer links
— Pocket Universe (@PocketUniverseZ) September 4, 2023
Cointelegraph reached out to several cybersecurity professionals to learn more about how users can protect themselves from such attempts and how platforms can improve their security so that users are not subjected to such attacks.
Christian Seifert, who works as a Researcher in Residence at Web3 security firm Forta Network, said that this type of attack has been the bread and butter of hackers since the internet was created. He explained that:
“Whatever a platform creates, there will be a hacker ready to find a way to hack it. Hyperlinks with text are a feature supported as part of HTML and have been a source for phishing attacks since the early days of the internet.”
According to Seifert, security requires an in-depth defense approach. “Both platforms and users need to work towards protecting themselves,” he said. From the user’s side, the security professional highlighted that there are plugins that they can use to protect themselves from such scams.
When it comes to Discord, Seifert pointed out that the platform does provide information on the true destination of the URL after the user clicks on it. However, the platform also allows users to “trust” a domain going forward. This can be abused by scammers according to Seifert. He explained:
“Imagine a domain like foo.bar which the user trusted. A scammer can craft a potentially malicious link that performs some action on this domain, such as an oauth request to the scammer, like foo.bar/oauth/scammer-account.”
The cybersecurity professional said that an issue with the platform’s current implementation is that links and text can be deceptive and misaligned…