Phishing Campaign Targeting Etherscan Users Exposed After Ads Detected
By Hassan Shittu
Updated:
April 8, 2024 10:06 EDT
|
3 min read
A notable phishing campaign aimed at users of the Ethereum blockchain explorer Etherscan has been uncovered, with several malicious advertisements being identified as part of the operation.
An alert was raised by a user on X, who flagged suspicious phishing scam ads on Etherscan.
Warning Issued as Phishing Campaign Targets Etherscan Users
On April 8, McBiblets alerted users about certain ads on Etherscan that could potentially drain their wallets, warning them to be cautious when clicking on such ads to avoid being redirected to phishing websites.
Further investigation revealed that these phishing ads were not limited to Etherscan alone, but were also found on various well-known phishing websites. Web3 security platform Scam Sniffer promptly responded to the warning and initiated an investigation.
Shortly after, Scam Sniffer confirmed the presence of a new scam through their official X account.
“Etherscan aggregates ads from platforms like Coinzilla & Persona, where insufficient filtering could lead to exposure to phishing attempts,” explained Scam Sniffer.
Scam Sniffer uncovered the extent of the phishing campaign, noting that the ads were spreading beyond Etherscan and appearing on popular search engines like Google, Bing, DuckDuckGo, as well as on social media platforms.
Renowned on-chain detective ZachXBT delved deeper, revealing that the phishing on Etherscan is connected to a draining service. Furthermore, ZachXBT disclosed that the draining service had already stolen a six-figure sum from a victim.
ZachXBT also shared the address of the theft. When the address was checked on-chain, it was discovered that the wallet contained 87.08 Ethereum (ETH), equivalent to approximately $298,972 at the time of reporting.
At the time of writing, this amount is still valued at approximately $298,972. Additionally, the scammer possesses other tokens and coins, including $25,375 worth of OPSEC, $9,642 worth of PEPE, and $4,207 worth of Ethena (ENA).
While the notorious cyber phishing organization Angel Drainer is suspected of orchestrating this ongoing attack on Etherscan users, concrete evidence about the culprits remains elusive.
The modus operandi of the wallet drainer scam involves luring users to counterfeit websites and prompting them to link their crypto wallets. Once linked, scammers can siphon funds into their personal wallet addresses without requiring user authentication or permission.
Chief Information Security Officer 23pds from blockchain security firm SlowMist stressed the importance of the warning, advising users to exercise caution due to the presence of phishing ads on Etherscan.
Phishing Attacks on Crypto Users Result in $300 Million in Losses in 2023, Reports Scam Sniffer
Phishing attacks pose a significant threat to crypto users, with scammers stealing nearly $300 million from over 324,000 victims through wallet drainers in 2023 alone, according to Scam Sniffer.
According to data from Scam Sniffer, phishing attacks targeted around 97,000 crypto users, resulting in a loss of $104 million in the first few months of this year. The losses in January were $55 million, followed by $46.8 million in February.
Ethereum users suffered the most damage, losing $78 million in assets, including ETH and ERC20 tokens, as per the breakdown of the attacks. The primary tactic employed by cybercriminals was tricking victims into signing harmful phishing signatures such as “Uniswap Permit2” and “increaseAllowance,” which provided the malicious actors with unauthorized access to their victims’ funds.
“Most of the thefts of all ERC20 tokens were due to assets being stolen as a result of signing phishing signatures such as Permit, IncreaseAllowance, and Uniswap Permit2,” explained Sniffer in a statement.
Furthermore, Scam Sniffer found that the majority of victims were deceived by false comments on social media platforms, particularly X. The attackers often posed as reputable cryptocurrency organizations to lure unsuspecting individuals to phishing sites where their digital assets were stolen.
Despite efforts to shut down such scams, Scam Sniffer notes that “phishing gangs” frequently relocate their operations to different platforms, indicating an ongoing challenge in combating fraudulent activities in the crypto space.
Follow Us on Google News
Subscribe to Updates
Get the latest creative news from FooBar about art, design and business.
Identification of Phishing Campaigns Targeting Etherscan Users via Advertisements
Related Posts
Add A Comment