In a security announcement, the cryptocurrency revenue platform called Zerobase reported the existence of a “phishing contract” on the BNB Chain network in an attempt by attackers to “impersonate” the company and “hijack user connections.”
In response, the Binance division responsible for the exchange’s Web3 wallet has decided to protect its users by blocking malicious domains masquerading as the ZEROBASE website.
In reality, this is what Binance does Allows you to filter the web pages and contract exchanges that users can interact with through Binance Walletconfirms that the possibility of censorship exists within the service. However, the exchange determined that this action would cause less harm than confirming the centralization of wallets than exposing hundreds of thousands of users to malicious contracts on the BNB Chain network.
We have received reports from users that a phishing contract on the BNB Chain (BSC) is impersonating ZEROBASE, hijacking users’ connections, pretending to be the official ZEROBASE interface, and attempting to trick users into granting USDT authorization.
Zero-based, cryptocurrency earning platform.
ZEROBASE, which claims to have implemented a malicious authorization detection mechanism, then publishes the phishing contract address 0x0dd28fd7d343401e46c1af33031b27aed2152396 to thwart users.
According to the crypto yield company, this mechanism works as follows: Visit ZEROBASE Staking and you’ll see: “If it is detected that your wallet has interacted with this contract, the system will automatically block deposits and withdrawals until the authorization of the phishing contract is revoked.” This mechanism indicates that ZEROBASE also has infrastructure controls in place to reject addresses on the platform.
Finally, companies offering staking recommend: Use tools that allow you to revoke smart contract authorization and regain full access To the functions of ZEROBASE.
What has Binance done to protect users from phishing?
Binance has taken some direct steps that violate the principle of decentralization but are effective in protecting users from ZEROBASE phishing.
The measurements are:
1. Block the suspected phishing web domain and prevent future access to that website through Binance Wallet.
2. Blacklist contracts identified as malicious.
3. Send automated alerts to potentially affected Binance Wallet users.
Additionally, Binance Wallet shares the following recommendations:
Open your Binance wallet, go to the (Assets) page, and click (Approval) to check for malicious contract approval requests. If you find any unknown or suspicious permissions, revoke them immediately. We will continue to monitor the situation closely and take necessary measures to ensure the safety of our users. We will share any updates as soon as possible.
A division of Binance Wallet, a virtual currency wallet.
The dilemma: centralized security or free will?
The steps taken by Binance are expected for an exchange that requires legal and state permissions to operate without disruption. To ensure a reasonable minimum level of consumer protection, we have decided to block domains and blacklist phishing agreements. This provides a measure of authority over the wallet infrastructure held by the exchange. Rightly or wrongly, the actions of brokerage firms regarding cryptocurrencies confirm that their personal asset protection services are subject to centralization.
This discussion about Binance Wallet and its centralization is not new. It was born at a time when there were wallet developers. Decided to implement a multiparty key computing (MPC) model At your service. In this model, after the Binance wallet is generated, the exchange Keep a fragment of the key on the serverso many security experts and enthusiasts do not consider it to be completely self-managed.
Other wallets that are considered fully self-custodial have mechanisms in place to identify fraudulent contracts; We do not go so far as to directly block web domains.
Instead, these platforms are typically limited to providing warning notifications when users are attempting to manipulate suspicious contracts, but giving owners the freedom to proceed if they wish.
«This website may be malicious. Continued access may result in loss of assets. If you understand the risks and wish to proceed, please ignore this message or whitelist the agreement,” reads the warning from OneKey, indicating how the self-custody wallet addresses users’ free will.
