Security firm CertiK has alerted users of the popular SocialFi marketplace STFX to potential ice phishing activity.

In a Feb. 22 tweet, the company said it detected a fake STFX airdrop conducted by an externally owned account (EOA) on the Ethereum (ETH) network.

Users cautioned against interacting with harmful link

CertiK warned STFX  users not to interact with the address since it was allegedly associated with other fake airdrop scams.

The on-chain monitoring platform further advised anyone who had interacted with the suspicious wallet to revoke any permissions they had granted immediately.

#CertiKSkynetAlert 🚨We have detected a fake @STFX_IO airdrop. Do not interact with hxxps://stfx-airdrops.org/Associated wallet has been previously identified in ice phishing activities. https://t.co/G6BoQ4qIPP pic.twitter.com/cA4GsobaoR

— CertiK Alert (@CertiKAlert) February 22, 2023

The alleged attackers reportedly lured STFX users with a fake link to a landing page that looked eerily similar to the actual STFX website. The mocked-up website asks potential victims to claim their airdrop reward by connecting their wallets.

Beware of fake Blur.io airdrop

At the same time, CertiK has warned Blur.io users of a fake airdrop URL. According to Certik, the URL can potentially drain any wallet with which it interacts.

The company suggested Blur.io users be extra vigilant since bad actors could take advantage of the NFT aggregator’s highly successful airdrop to lure unsuspecting victims into thinking it was a continuation of the same.

#CertiKSkynetAlert 🚨We have detected a fake @blur_io airdrop URL.Do not interact with hxxps://open-blur.com/ which is a wallet drainer.Be extra vigilant of Blur airdrop scams! pic.twitter.com/lB73XLyGAO

— CertiK Alert (@CertiKAlert) February 22, 2023

Analysts believe the recent growth of Blur’s NFT market share could usher in a spate of con artists looking to defraud eager Blur users of their hard-earned money.

Ice phishing scams on the rise

CertiK had warned against the rise in ice phishing scam cases while highlighting precautionary steps crypto enthusiasts could take to keep their funds secure in its most recent advice report to the web3 sector.

Ice phishing refers to a scamming method where bad actors trick crypto users into manually signing and authorizing permissions that give them access to their funds.

#CertiKSkynetAlert 🚨1/ Ice phishing is a considerable threat to the Web3 community Instead of gaining accessing to your private key, scammers trick you into signing permissions to spend your assets.We’ll outline below what to look out for, and how to protect yourself!

— CertiK Alert (@CertiKAlert) December 20, 2022

Once they have this authorization, the scammers can move money from the victims’ accounts to any other wallet address. It is not the case with conventional phishing scams, where hackers can obtain private keys or passwords by tricking unwary individuals into clicking on harmful links or visiting bogus websites.

CertiK has advised crypto users to avoid providing access to dodgy addresses requesting arbitrary permissions, especially when using blockchain explorer platforms like Etherscan.

Furthermore, the blockchain security firm stated that ice phishing schemes were most common on social media platforms such as Twitter, where phony personas advertise bogus airdrops while posing as legitimate projects.