A phishing campaign targeting users of the Ethereum blockchain explorer Etherscan was recently uncovered, with malicious advertisements identified as part of the operation. The campaign was flagged by a user on Twitter, who warned about potentially malicious phishing scam ads on Etherscan. Further investigation revealed that these phishing advertisements were not limited to Etherscan but were also found on various known phishing websites. Web3 security platform Scam Sniffer responded swiftly to the warning and launched an investigation. It uncovered the extent of the phishing campaign, with advertisements spreading beyond Etherscan to popular search engines such as Google, Bing, and DuckDuckGo, and to social media platforms.

Renowned on-chain detective ZachXBT further delved into the phishing on Etherscan and revealed that it was linked to a draining service that had successfully phished a six-figure sum from a victim. The theft address linked to the scam contained 87.08 Ethereum, equivalent to approximately $298,972 at the time of reporting. The suspected cyber phishing organization Angel Drainer is believed to be behind the ongoing attack against Etherscan users, although concrete evidence about the perpetrators remains elusive. The modus operandi of the wallet drainer scam involves luring users to counterfeit websites, prompting them to link their crypto wallets, and siphoning off funds without user authentication or permission.

Chief Information Security Officer 23pds from blockchain security firm SlowMist emphasized the warning about phishing ads on Etherscan, advising users to exercise caution. Phishing attacks pose a significant threat to crypto users, with nearly $300 million stolen from over 324,000 victims through wallet drainers in 2023 alone. In the first few months of 2024, phishing attacks cost around 97,000 crypto users $104 million. Ethereum users suffered the most damage, losing $78 million in assets, including ETH and ERC20 tokens. Cybercriminals often trick victims into signing harmful phishing signatures like “Uniswap Permit2” and “increaseAllowance” to gain unauthorized access to victims’ funds.

Scam Sniffer discovered that most thefts of ERC20 tokens resulted from victims signing phishing signatures like Permit, IncreaseAllowance, and Uniswap Permit2. The majority of victims were duped by false comments on social media platforms, particularly Twitter, where attackers pose as respectable cryptocurrency organizations to lure victims to phishing sites. Despite efforts to shut down such scams, phishing gangs often relocate their operations to different platforms, posing a persistent challenge in combating fraudulent activities in the crypto space. It is crucial for users to be cautious and vigilant when interacting with ads or links on platforms like Etherscan to protect their digital assets from phishing attacks.
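
A wallet-side check for the signature types named above, as an added example that is not from Scam Sniffer or the original article. The function name `classifySigningRequest` and the sample requests are constructed for illustration; the check also covers plain `approve` and the other Permit2 message types, which grant the same kind of spending right.

```javascript
// Added example: classify a wallet signing request before the user confirms it.
// classifySigningRequest and the SAMPLE_* requests are hypothetical/constructed.

// 4-byte selectors of ERC20 functions that grant spending rights on-chain.
const APPROVAL_SELECTORS = {
  "0x095ea7b3": "approve(address,uint256)",
  "0x39509351": "increaseAllowance(address,uint256)",
};

// EIP-712 primary types that authorize a spender with an off-chain signature.
const PERMIT_TYPES = new Set([
  "Permit",                                        // EIP-2612 token permit
  "PermitSingle", "PermitBatch",                   // Uniswap Permit2 allowance
  "PermitTransferFrom", "PermitBatchTransferFrom", // Uniswap Permit2 transfer
]);

function classifySigningRequest(req) {
  if (req.method === "eth_sendTransaction") {
    const data = (req.params[0].data || "").toLowerCase();
    const kind = APPROVAL_SELECTORS[data.slice(0, 10)];
    if (!kind) return { risk: "none" };
    // Calldata: selector, then spender left-padded to a 32-byte word, then amount.
    const spender = "0x" + data.slice(10 + 24, 10 + 64);
    return { risk: "token-approval", kind, spender };
  }
  if (req.method === "eth_signTypedData_v4") {
    const raw = req.params[1]; // params: [signer address, typed data]
    const typed = typeof raw === "string" ? JSON.parse(raw) : raw;
    if (!PERMIT_TYPES.has(typed.primaryType)) return { risk: "none" };
    // Each of these types carries the spender as a top-level message field.
    const spender = String(typed.message.spender || "").toLowerCase();
    return { risk: "permit-signature", kind: typed.primaryType, spender };
  }
  return { risk: "none" };
}

// Constructed sample input (not taken from the campaign).
const SPENDER = "0x" + "ab".repeat(20);
const SAMPLE_TX = { method: "eth_sendTransaction", params: [{
  data: "0x39509351" + "0".repeat(24) + "ab".repeat(20) + "f".repeat(64) }] };
const SAMPLE_PERMIT2 = { method: "eth_signTypedData_v4", params: ["0x" + "11".repeat(20),
  JSON.stringify({ primaryType: "PermitSingle", domain: { name: "Permit2" },
    message: { details: {}, spender: SPENDER, sigDeadline: "1893456000" } })] };

console.log(classifySigningRequest(SAMPLE_TX), classifySigningRequest(SAMPLE_PERMIT2));
```

A wallet or browser extension would surface the returned `spender` to the user and compare it against the contract the site claims to represent before allowing the signature.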
