Numerous advertisements displayed on Ethereum blockchain explorer Etherscan were found to be part of a large-scale phishing campaign targeting Etherscan users directly.
On April 8, X community member McBiblets identified some Etherscan ads as wallet drainers and warned users that clicking on them would lead to a phishing website.
Subsequent investigation revealed that the phishing ads on Etherscan had also been replicated on several popular phishing websites.
Following in the footsteps of McBiblets, web3 fraud prevention platform Scam Sniffer found that phishing ads went beyond Etherscan and appeared on major search engines such as Google, Bing and DuckDuckGo, as well as on social media platform X.
Scam Sniffer suspects that large-scale phishing campaigns are caused by a lack of control by ad aggregators.
“Etherscan aggregates ads from platforms like Coinzilla and Persona, which can expose you to phishing attempts if there is insufficient filtering.”
Wallet drainer scams involve luring users to fake websites and asking them to connect a cryptocurrency wallet. Once the wallet is connected, fraudsters can withdraw its funds to their own wallet addresses without any further confirmation or approval from the user.
23pds, SlowMist’s principal information security officer, also issued a warning about phishing ads on Etherscan:
“Be careful, there are phishing ads on Etherscan.”
Angel Drainer, a notorious and experienced cyber-phishing company, is suspected of leading an ongoing phishing attack campaign targeting Etherscan users. However, as of this writing, no substantive evidence has been found regarding the identity of the scammer.
The warning comes as the industry sees an increase in the number of phishing schemes targeting it.
According to Scam Sniffer data, phishing attacks cost approximately 97,000 cryptocurrency users $104 million in the first few months of the year. January’s loss was $55 million, and February’s loss was $46.8 million.
According to the attack details, Ethereum users suffered the most, losing $78 million in assets, including ETH and ERC20 tokens.
The main tactic used by cybercriminals was to trick victims into signing malicious phishing signatures such as “Uniswap Permit2” and “increaseAllowance”. This allowed malicious actors to gain unauthorized access to victims’ funds.
“The majority of all ERC20 token thefts occur because assets are stolen as a result of signing phishing signatures such as Permit, IncreaseAllowance, and Uniswap Permit2,” Sniffer explained in a statement.
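A wallet or browser extension can recognize these approval-granting requests before the user signs them. The following JavaScript is an added example, not code from Etherscan, Scam Sniffer or this article; the function names, return shape and sample requests are assumptions, and the "unlimited" threshold is a heuristic.

```javascript
// Added example (not Etherscan's or Scam Sniffer's code): flag wallet JSON-RPC
// requests that grant token spending rights. Names and samples are assumptions.
const APPROVAL_SELECTORS = {
  "0x095ea7b3": "approve(address,uint256)",
  "0x39509351": "increaseAllowance(address,uint256)",
};
// EIP-2612 and Uniswap Permit2 typed-data primary types that authorize a spender.
const PERMIT_TYPES = new Set(["Permit", "PermitSingle", "PermitBatch",
  "PermitTransferFrom", "PermitBatchTransferFrom"]);
// Heuristic: an amount at or above uint160 max is treated as an unlimited grant.
const UNLIMITED = (1n << 160n) - 1n;

function finding(kind, spender, amount) {
  return { grantsAllowance: true, kind, spender: spender.toLowerCase(), amount,
           unlimited: amount !== null && amount >= UNLIMITED };
}

function classifyWalletRequest({ method, params }) {
  if (method === "eth_sendTransaction") {
    const data = (params[0].data || "0x").toLowerCase();
    const kind = APPROVAL_SELECTORS[data.slice(0, 10)];
    // "0x" + 4-byte selector + two 32-byte ABI words = 138 characters
    if (kind && data.length >= 138) {
      const spender = "0x" + data.slice(34, 74); // low 20 bytes of word 1
      return finding(kind, spender, BigInt("0x" + data.slice(74, 138)));
    }
  } else if (method === "eth_signTypedData_v4") {
    const raw = params[1];
    const typed = typeof raw === "string" ? JSON.parse(raw) : raw;
    if (PERMIT_TYPES.has(typed.primaryType)) {
      const m = typed.message || {};
      // EIP-2612 uses value; Permit2 uses details.amount or permitted.amount.
      // Batch types carry arrays, so their amount is reported as null here.
      const amt = m.value ?? m.details?.amount ?? m.permitted?.amount ?? null;
      return finding("EIP-712 " + typed.primaryType, m.spender || "",
                     amt === null ? null : BigInt(amt));
    }
  }
  return { grantsAllowance: false };
}

// Constructed sample requests; every address is a placeholder.
const SPENDER = "0x" + "ab".repeat(20);
const sampleTx = { method: "eth_sendTransaction", params: [{ to: "0x" + "cd".repeat(20),
  data: "0x39509351" + SPENDER.slice(2).padStart(64, "0") + "f".repeat(64) }] };
const samplePermit2 = { method: "eth_signTypedData_v4", params: ["0x" + "ef".repeat(20),
  JSON.stringify({ primaryType: "PermitSingle", domain: { name: "Permit2" }, message: {
    details: { token: "0x" + "cd".repeat(20), amount: "1000" }, spender: SPENDER } })] };
console.log(classifyWalletRequest(sampleTx), classifyWalletRequest(samplePermit2));
```

A flagged request is not proof of phishing, since legitimate applications also ask for allowances; the point is to show the user the spender and amount before anything is signed.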
Scam Sniffer found that the majority of victims were fooled by fake comments on social media platforms, especially on X.
Attackers often pose as respected cryptocurrency organizations to lure unwary people to phishing sites where their digital assets are stolen.