A “hacking” method that has become common recently consists of creating fraudulent cryptocurrency exchange sites in order to empty the wallet of any Internet user who connects to them. What can you do to avoid falling for it?
While the cryptocurrency sector is famous for stories of people who have made large capital gains, it is also high-risk ground. A number of currencies launched since 2017 have been outright scams. And then there is also the phenomenon of “hacking”. Whether by detecting currency or DeFi or even by managing to deceive certain Internet users, tricks are commonplace. The one we describe here is a fine recent example.
Take a good look at the image below. We typed in the expression “Pancakeswap” in order to access this decentralized cryptocurrency exchange platform. What do we see? The first two results displayed by Google are “phishing” sites (fraudulent websites that scrupulously copy the appearance of the original). The real PancakeSwap site only appears in third place. Note also that the first two sites are advertisements under the system .
If a person clicks on one of the first two results, the site will ask them to connect their wallet. The wallet in question (for example MetaMask) will ask for the Internet user's secret access key. This key consists of a series of 12 words that are supposed to remain top secret. Normally, the wallet does not ask for it, but a moment of distraction is enough: the Internet user types in the key, believing that MetaMask is performing a one-off security check. Once this series of words has been typed in, the designer of the fraudulent site is able to empty the user's cryptocurrency wallet!
How to protect yourself from this hacking
This particularly annoying situation has become common. sounds the alarm: more than 500,000 dollars have been stolen in the space of a weekend. Some have even asked to what extent Google is responsible for this situation. Shouldn’t the Californian giant be more alert to such uses of its AdWords for fraudulent purposes? Until that question is resolved, how can we stay safe from such attacks?
- First of all, know this: your wallet will never ask you to enter the passphrase, unless you connect from a device on which you have never used this wallet.
- Avoid clicking on Google ads if you want to connect to a cryptocurrency exchange. Choose only natural (non-sponsored) links.
- Rather than going through Google to get to such a platform, create a list of favorites and connect from that list.
- Always examine the URL of a site before clicking on it.
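The bookmark and URL advice above can be turned into an automatic check. The following is an added example, not part of the original article: it compares a link's hostname with a personal bookmark list and flags near-miss spellings. The hostname `pancakeswap.example`, the sample links and the function names are constructed placeholders, not real addresses.

```python
from urllib.parse import urlsplit

# Assumption: hostnames copied from your own bookmarks. "pancakeswap.example"
# is a constructed placeholder, not the platform's real address.
BOOKMARKED_HOSTS = {"pancakeswap.example"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_url(url: str, bookmarks=BOOKMARKED_HOSTS) -> str:
    """Classify a link before it is clicked, using only the bookmark list."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if host.startswith("www."):
        host = host[4:]
    if parts.scheme != "https" or not host:
        return "reject: not an https link"
    if host in bookmarks:
        return "ok: matches a bookmark"
    # Non-ASCII or punycode labels can render like a familiar name.
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return "suspicious: internationalized hostname"
    for good in bookmarks:
        brand = good.split(".")[0]
        if brand in host:
            return "suspicious: brand name on a different domain"
        if edit_distance(host, good) <= 2:
            return "suspicious: near-miss spelling of a bookmark"
    return "unknown: not in bookmarks"


if __name__ == "__main__":
    # Constructed sample links (not real sites).
    for link in ("https://pancakeswap.example/swap",
                 "https://pancakeswap-swap.test/",
                 "https://pancakeswqp.example/",
                 "http://pancakeswap.example/",
                 "https://weather.test/"):
        print(f"{check_url(link):45} {link}")
```

Only the first sample link is reported as matching a bookmark; every other verdict means the wallet should not be connected from that page.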
The cryptocurrency industry is still relatively young and it is likely that we will see more fraudulent schemes appear. It is therefore important to remain vigilant: each time a platform makes an unusual request, it is best to take the time to reflect and consider the possibility of a.