Cisco Talos Analysis – Security Risks in the Metaverse

In the so-called Metaverse or Web 3.0, many things should be different. What remains: cybercriminals will also try to do their mischief here. This is shown by analyses by Cisco’s cybersecurity arm Talos. […]

The Internet as we know it is changing. How sustainable, we’ll see. In any case, the so-called Web 3.0 with blockchain, cryptocurrencies and decentralized data storage will provide the technical foundations for the metaverse, a new virtual 3D space for digital encounters and business as well as electronic exchange. More and more users are already experimenting with NFTs (Non Fungible Tokens) or cryptocurrencies.

Even if the upcoming upheavals will be significant, one thing seems to be certain: there will also be a lot of hackers, phishers and scammers in the Metaverse. Cisco Talos, the ICT security arm of the networking giant, has analyzed in more detail the dangers lurking in Web 3.0 and examined the new virtual space for its vulnerabilities.

Conclusion: The Metaverse brings new technologies, but also old problems with it.

Web 3.0: A playground for cybercriminals

The fact is: the promises of Web 3.0 also make it interesting for cybercriminals. They use well-known social engineering and phishing techniques. However, completely new attack vectors are also emerging around the metaverse.

“Most cybercriminals are financially motivated. The Metaverse offers them a large and unregulated playground where they can steal their cryptocurrency and NFTs from inexperienced users – assets that are almost impossible to recover in the event of theft,” explains Jaeson Schultz, Technical Leader at Cisco’s Talos Security Intelligence &Research Group, in a recent blog post.

There he also gives tips on how to better protect yourself in Web 3.0. In particular, Cisco Talos identifies the following security risks:

  • ENS-DNS domains for cryptocurrency wallets. The chosen ENS name (Ethereum Name Service) could remove anonymity and reveal the identity of the owner of the virtual wallet address. Often you can see ENS names like “DebbieSmith.eth” or find them on Twitter profiles, which makes it possible to determine the balance of this person and attract cybercriminals. 3.8 Percent of those found by Talos .eth addresses contained more than $100,000 in Ethereum, while 9 percent of addresses contained more than $30,000.
  • Social engineering attacks, especially via social networks, where users are to be seduced into an ill-considered action. This works particularly well with new technologies that users are not yet so familiar with. The attacks are aimed at cloning wallets, for example, Metamask support scams and attacks on “whale” accounts with large amounts of cryptocurrencies are also included.
  • Malicious smart contracts. Attackers write their own malware, which is on the blockchain in the form of malicious smart contract code. Examples include “sleepminting” (falsifying the origin of NFT) and attackers who trick users into granting access to their wallets without handing over the digital asset.
  • Active attacks on Seed Phrases (Word list for recovery) and deliberate spying on wallet seed phrases.

And the mentioned security problems are likely to be just the beginning. “Cisco Talos expects that with the increasing maturity of Web 3.0 and the Metaverse, the interest of cybercriminals will also increase. This will increase both the volume of attacks and their sophistication,”concludes Schultz.

*Jens Stark is an author at COM!professional.

Outsourced Development Services | Unreal Engine Development

Ready to see us in action:

More To Explore
Enable registration in settings - general
Have any project in mind?

Contact us: