CINA Distinguished Speaker Series with Nick Nikiforakis: “Bridgespotting: How Web3 Attackers Target Web2 Cryptocurrency Users”

Join us on Thursday, September 28th, for the virtual CINA Distinguished Speaker Series event featuring Nick Nikiforakis, Associate Professor in the Department of Computer Science at Stony Brook University as he discusses “Bridgespotting: How Web3 Attackers Target Web2 Cryptocurrency Users.”

REGISTER NOW

The talk will take place from 12:00-12:45 p.m., with an interactive audience Q&A from 12:45-1:30 p.m. 

Call-in details for the virtual meeting will be provided upon registration.

Presentation Abstract

As cryptocurrencies increase in popularity and users obtain and manage their own assets, attackers are pivoting from just abusing cryptocurrencies as a payment mechanism, to stealing crypto assets from end users. Since only a small fraction of users own crypto assets, attackers must somehow identify these users among the crowd, in order to target them.

In this presentation, we will introduce the concept of Web2-to-Web3 bridges, i.e., ways that attackers discover users on the traditional web in order to attack their cryptocurrency (i.e. Web3) assets. First, we will cover one of the most popular social-engineering attacks involving fake crypto giveaway events and describe our system for automatically discovering these attacks in the wild. We will review patterns and characteristics of more than 10K giveaway scams that our tool discovered over a period of 6 months and trace these scams back to attacker wallets and millions of dollars worth of stolen funds. Second, we will present a different bridge targeting users who are interested in personal-finance content. We will show how attackers are relying on automation to bait users on large video platforms before moving them over to an instant-messaging medium where they eventually try to steal their crypto assets. Throughout the talk, we will describe how automation, network-security mechanisms, and public APIs can be combined to produce accurate and automated solutions that can identify Web3 attacks, giving a chance to defenders to disrupt these bridges before user assets are irrevocably lost.

Speaker Bio

Dr. Nick Nikiforakis (PhD’13) is an Associate Professor in the Department of Computer Science at Stony Brook University. He leads the PragSec Lab, where his students conduct research in cyber security, with a focus on web security, web privacy, DNS security, attack-surface reduction, and deception-based security. He is the author of more than 80 peer-reviewed academic publications and his work is often discussed in the popular press. He is the recipient of the National Science Foundation CAREER award (2020), the Office of Naval Research Young Investigator Award (2020), as well as a range of other security-related and privacy-related awards by federal funding agencies.