The rising trend of phishing on IPFS: What you need to know

Luis Corrons 24 May 2023

By staying informed about potential threats and taking proactive measures to protect yourself, you can continue to enjoy the benefits of Web3 and IPFS while minimizing your risk of falling victim to phishing attacks.

Web3, often described as the next generation of the internet, promises a more decentralized and secure online experience. One of the key components of Web3 is the InterPlanetary File System (IPFS), a peer-to-peer (P2P) storage solution that allows for the efficient and secure sharing of data.

However, recent trends show a concerning increase in phishing attempts using IPFS, with attackers taking advantage of its decentralized nature to host and distribute malicious content. In this article, we'll explain the basics of Web3 and IPFS, how phishing on IPFS works, and how you can protect yourself against such threats.

What is Web3 and IPFS?

Web3 is an umbrella term that encompasses various technologies aimed at creating a decentralized and open internet. IPFS, a key component of Web3, is a P2P object storage system that relies on content addressing rather than location addressing. This means that files are identified by a cryptographic hash, which is then encapsulated in a content identifier (CID).

IPFS allows for decentralized storage and access, eliminating the need for a central server. This has its advantages, but it also opens the door to malicious actors who use the technology for nefarious purposes, such as phishing.

Phishing on IPFS

Phishing is a form of online fraud where attackers try to obtain sensitive information by posing as a trusted entity. Cybercriminals have been increasingly using IPFS to host and distribute phishing content. They do this by uploading HTML files containing a phishing form to IPFS and using gateways as proxies to allow victims to access the files without needing IPFS client software.

The use of IPFS for phishing provides attackers with several benefits. First, hosting costs are reduced as they don't need to purchase domains. Second, it becomes more difficult to remove the malicious content, as files on IPFS can't be deleted by third parties. This makes it harder for security researchers and authorities to take down phishing pages.

In the digital world, phishing has always been a prevalent threat, and while traditional phishing methods still dominate, IPFS phishing is quickly gaining traction. During the latter half of 2022, cybercriminals began to experiment with IPFS phishing. Initially, the adoption was slow, but the trend has since escalated at an alarming rate.

In the first quarter of 2023, the number of IPFS phishing sites detected was equal to the total number of sites found throughout 2022. This rapid growth continued into April 2023, which has seen a record-breaking 173% increase in detected IPFS phishing sites compared to the entire year of 2022.

This surge in IPFS phishing activity demonstrates that cybercriminals are constantly seeking new methods to exploit users and remain ahead of security measures. This significant increase also emphasizes the importance of staying vigilant and educated on the latest threats and trends in the cybersecurity landscape.

MicrosoftTeams-image (11)

The chart shows a persistent raising activity through 2023

MicrosoftTeams-image (13)

Phishing attacks that utilize the IPFS infrastructure have been observed worldwide. Hungary has been particularly hard hit, with significant activity since the start of the year. This activity has surpassed that of typically active phishing countries such as the United States, France, Spain, United Kingdom and Brazil.

MicrosoftTeams-image (12)

In our data, we observe a relatively strong focus on the abuse of the Microsoft brand (16.75%). These samples are characterized by the use of obfuscation techniques in the vast majority. The technique used is not difficult to deobfuscate, but it can certainly help to degrade the detection capabilities for some other antivirus.


The growing trend of phishing on IPFS is a cause for concern, but it's essential to remember that the technology itself is not inherently malicious. By staying informed about potential threats and taking proactive measures to protect yourself, you can continue to enjoy the benefits of Web3 and IPFS while minimizing your risk of falling victim to phishing attacks. Always exercise caution when interacting with unfamiliar content and be vigilant in protecting your personal information online.

Protecting yourself from IPFS phishing threats

As phishing on IPFS becomes more prevalent, it's essential for consumers to take steps to protect themselves. Here are some tips to help you stay safe:

  • Use anti-phishing tools: Make sure your browser and antivirus software are up-to-date and have built-in anti-phishing features enabled. These tools can help detect and block phishing links, including those hosted on IPFS.

  • Be cautious with links: Always double-check the links in emails and messages, especially if they come from unknown sources. Look for telltale signs of phishing, such as misspellings, odd URLs, or requests for sensitive information.

  • Educate yourself: Stay informed about the latest phishing tactics and trends. Understanding how phishing works and the methods attackers use can help you spot potential scams before falling victim to them.
--> -->