It is an internet scam that targets cryptocurrency users. The ice phishing attack is designed to deceive the target into signing a malicious smart contract, which itself is programmed to steal any available cryptocurrency coins in the wallet. The smart contract malware will forward the stolen coins to the hacker’s address.
Preventing ice phishing
- Only visit decentralized apps and services via verified URLs to prevent domain squatters and phishing.
- Check to verify the address on the smart contract frequently, including the transaction details and the contract’s initial appearance.
- Use smart contract audits to ensure contract legitimacy and security.
- When you use crypto wallets like Metamask to sign a transaction, be sure to go over the transaction details to ensure that it executes the appropriate actions.
- In the case of long-term investments like valuable NFTs, the best option is to store them in cold storage and simultaneously put cash aside for transactions and active decentralized apps in a different hot wallet.
- Keep an eye out for incident reaction buttons like pause or unpause in the smart contracts — these give you more control.
- If you’re granting access or sending payments to crypto assets, confirm the contract hash with blockchain analytics or on Etherscan to be sure it’s the right entity.
- Interact with official staff and avoid anyone posing as customer service on social media. Finally, you can verify the project using recognised social media channels and email addresses to dissuade any doubts.