Phishing Attacks Targeting Etherscan Users Exposed in Advertisements Campaign
By Hassan Shittu
Published:
April 8, 2024 10:06 EDT
|
Read Time: 3 minutes
A significant phishing campaign aimed at users of the Ethereum blockchain explorer Etherscan has been uncovered, with several malicious advertisements identified as part of the operation.
A user on X raised concerns about potential phishing scam ads on Etherscan, prompting an alert to be issued.
Etherscan Users Warned About Phishing Campaign
On April 8, McBiblets flagged certain advertisements on Etherscan as potential threats to users’ wallets, cautioning against clicking on these ads to avoid being redirected to phishing websites.
Further investigation revealed that these phishing ads were not limited to Etherscan but were also found on various known phishing websites. Web3 security platform Scam Sniffer promptly responded to the warning and initiated an investigation.
Shortly after, Scam Sniffer confirmed the existence of a new scam through their official X account.
“Etherscan aggregates ads from platforms like Coinzilla & Persona, where insufficient filtering could lead to exposure to phishing attempts,” explained Scam Sniffer.
Scam Sniffer discovered the extent of the phishing campaign, noting that the ads were spreading beyond Etherscan and appearing on popular search engines like Google, Bing, DuckDuckGo, and social media platforms.
Renowned blockchain detective ZachXBT conducted further research and revealed that the phishing on Etherscan is associated with a draining service. He also disclosed that the service had already stolen a six-figure sum from a victim.
ZachXBT also shared the address of the theft. When the address was investigated, it was found to contain 87.08 Ethereum (ETH), which is equivalent to approximately $298,972 at the time of reporting.
Additionally, the scammer possesses other tokens and coins, including $25,375 worth of OPSEC, $9,642 worth of PEPE, and $4,207 worth of Ethena (ENA).
While the notorious cyber phishing group Angel Drainer is suspected of orchestrating this ongoing attack on Etherscan users, concrete evidence of the perpetrators remains elusive.
The wallet drainer scam operates by luring users to counterfeit websites and encouraging them to link their crypto wallets. Once linked, scammers can transfer funds to their personal wallet addresses without requiring user authentication or permission.
Chief Information Security Officer 23pds from blockchain security firm SlowMist emphasized the warning and advised users to be cautious due to the presence of phishing ads on Etherscan.
Phishing Attacks on Crypto Users Lead to $300 Million in Losses in 2023, Reports Scam Sniffer
Phishing attacks pose a significant threat to crypto users, with Scam Sniffer reporting that nearly $300 million was stolen from over 324,000 victims through wallet drainers in 2023 alone.
According to Scam Sniffer’s data, phishing attacks scammed approximately 97,000 crypto users out of $104 million in the first few months of this year. Losses amounted to $55 million in January and $46.8 million in February.
Ethereum users suffered the most significant losses, totaling $78 million in assets, including ETH and ERC20 tokens. Cybercriminals primarily used tactics such as tricking victims into signing harmful phishing signatures like “Uniswap Permit2” and “increaseAllowance,” which granted unauthorized access to their victims’ funds.
“Most of the thefts of all ERC20 tokens were due to assets being stolen as a result of signing phishing signatures such as Permit, IncreaseAllowance, and Uniswap Permit2,” explained Sniffer in a statement.
Scam Sniffer also discovered that the majority of victims were deceived by false comments on social media platforms, particularly X. Attackers often masquerade as reputable cryptocurrency organizations to lure unsuspecting individuals to phishing sites where their digital assets are stolen.
Despite efforts to shut down such scams, Scam Sniffer notes that “phishing gangs” frequently relocate their operations to different platforms, indicating an ongoing challenge in combating fraudulent activities in the crypto space.
Follow Us on Google News
Subscribe to Updates
Get the latest creative news from FooBar about art, design and business.