Web3 has been garnering attention recently, but it has yet to be used for anything practical and widespread except for one thing: phishing. The concept of Web3 encompasses a variety of technologies. In this article, we will ignore the blockchain aspects of Web3 and focus instead on its storage side: specifically, the InterPlanetary File System (IPFS), a peer-to-peer (P2P) object storage system that relies on content addressing instead of location addressing.
Simply put, each file is addressed by a cryptographic hash and a distributed hash table scheme is used to locate a copy of the file. The hash is encapsulated in a so-called content identifier (CID) and immutably identifies that file. We have been observing a rise in the misuse of this technology and will dive into it in greater detail in a future report. In the meantime, let us focus on a specific type of phishing on IPFS.
Normally, IPFS is only available through the P2P network, although to ease the transition for ordinary web users, there are a number of public IPFS gateways that accept a URL with a CID in it and deliver the content of that IPFS file. These gateways usually take the form http[s]://<gateway domain>/ipfs/<CID>.
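Because the CID identifies the content regardless of which gateway serves it, defenders can key findings on the CID instead of the gateway domain. The following is an added example, not code from the original article: it pulls the CID out of path-style gateway URLs and groups proxy-log URLs by it. The function names, the gateway-a.example and gateway-b.example domains and the sample CID are constructed for illustration, and the CIDv1 test is a shape check only.

```python
import hashlib
import re
from urllib.parse import urlsplit

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
CIDV1_B32 = re.compile(r"b[a-z2-7]{20,}")  # shape check only: multibase 'b' + base32

def b58encode(data):
    n, out = int.from_bytes(data, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(data) - len(data.lstrip(b"\0"))) + out

def is_cidv0(cid):
    # CIDv0 = base58btc of a sha2-256 multihash: bytes 0x12 0x20 + 32-byte digest
    if cid.startswith("1") or any(ch not in B58 for ch in cid):
        return False
    n = 0
    for ch in cid:
        n = n * 58 + B58.index(ch)
    return n >> 256 == 0x1220  # exactly 34 bytes with the 0x12 0x20 prefix

def extract_gateway_cid(url):
    # Matches http[s]://<gateway domain>/ipfs/<CID>[/...]; returns the CID or None
    parts = urlsplit(url)
    segs = parts.path.split("/")
    if parts.scheme not in ("http", "https") or len(segs) < 3 or segs[1] != "ipfs":
        return None
    cid = segs[2]
    return cid if is_cidv0(cid) or CIDV1_B32.fullmatch(cid) else None

def group_by_cid(urls):
    # The same CID is reachable through any gateway, so group sightings by CID
    hits = {}
    for url in urls:
        cid = extract_gateway_cid(url)
        if cid:
            hits.setdefault(cid, []).append(url)
    return hits

# Constructed sample CID: multihash of a sample string, not a real IPFS object
SAMPLE_CID = b58encode(b"\x12\x20" + hashlib.sha256(b"constructed sample").digest())
# Constructed proxy-log URLs; both gateway domains are placeholders
SAMPLE_URLS = [
    f"https://gateway-a.example/ipfs/{SAMPLE_CID}/login.html",
    f"http://gateway-b.example/ipfs/{SAMPLE_CID}",
    "https://gateway-a.example/ipfs/not-a-cid",
]
print(group_by_cid(SAMPLE_URLS))
```

Both sample gateway URLs resolve to the same key, so a single CID-based rule covers the content on every gateway that serves it.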