Major phishing campaign targets Etherscan users through on-site ads

Numerous advertisements on the Ethereum blockchain explorer Etherscan have been identified as part of a large-scale phishing campaign targeting Etherscan users. On April 8, a member of the X community named McBiblets noticed that some Etherscan ads were fraudulent and warned users that clicking on them would lead to phishing websites. Further investigation revealed that these phishing ads were also replicated on various well-known phishing sites.

Building on McBiblets’ discovery, the web3 anti-scam platform Scam Sniffer found that the phishing ads had spread beyond Etherscan and appeared on popular search engines like Google, Bing, and DuckDuckGo, as well as on the social media platform X. Scam Sniffer suspects that a lack of control by advertisement aggregators, such as Coinzilla and Persona, exposed users to the phishing attempts.

The phishing scheme, known as “wallet drainer fraud,” involves luring users to fake websites and asking them to connect their cryptocurrency wallets. Once the wallets are linked, scammers can withdraw funds to their personal addresses without the user’s verification or authorization.

23pds, the principal information security officer at SlowMist, also issued a warning about the phishing ads on Etherscan, urging users to be cautious. The notorious cyber phishing company Angel Drainer is suspected of leading this ongoing phishing attack against Etherscan users. However, no substantial evidence regarding the scammers’ identities has been discovered at this time.

This recent phishing advisory comes at a time when the industry is facing an increasing number of phishing schemes targeting cryptocurrency users. According to data from Scam Sniffer, phishing attacks have already scammed approximately 97,000 crypto users out of $104 million in the first few months of this year. In January, losses amounted to $55 million, followed by $46.8 million in February.

Ethereum users have suffered the most significant losses, with $78 million worth of assets, including ETH and ERC20 tokens, stolen in these attacks. Cybercriminals primarily tricked victims into signing malicious requests such as “Uniswap Permit2” and “increaseAllowance,” which granted the attackers access to the victims’ funds.
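A pre-signing check for the two request types named above, added here as an illustration and not taken from the article or from Scam Sniffer: it decodes ERC-20 `approve`/`increaseAllowance` calldata and Permit2 EIP-712 allowance requests, then reports the spender and whether the amount is effectively unlimited. The allowlist parameter, the "unlimited" threshold and the sample inputs are assumptions constructed for the example.

```python
import json

# 4-byte selectors of the ERC-20 calls that give a spender control over tokens.
ALLOWANCE_SELECTORS = {
    "095ea7b3": "approve(address,uint256)",
    "39509351": "increaseAllowance(address,uint256)",
}

def _finding(kind, spender, amounts, bits, allowlist):
    # Assumption: an amount in the top half of its integer range counts as unlimited.
    return {
        "kind": kind,
        "spender": spender.lower(),
        "unlimited": any(a >= 1 << (bits - 1) for a in amounts),
        "spender_known": spender.lower() in allowlist,
    }

def inspect_calldata(data_hex, allowlist=frozenset()):
    """Return a finding if transaction data grants an ERC-20 allowance, else None."""
    data = data_hex.lower()
    data = data[2:] if data.startswith("0x") else data
    kind = ALLOWANCE_SELECTORS.get(data[:8])
    if kind is None or len(data) < 8 + 128:
        return None
    spender = "0x" + data[32:72]    # address is the low 20 bytes of the first word
    amount = int(data[72:136], 16)  # second word is the uint256 amount
    return _finding(kind, spender, [amount], 256, allowlist)

def inspect_typed_data(typed_json, allowlist=frozenset()):
    """Return a finding if an EIP-712 request is a Permit2 allowance, else None."""
    td = json.loads(typed_json)
    msg = td.get("message", {})
    details = msg.get("details")
    if td.get("domain", {}).get("name") != "Permit2" or details is None:
        return None
    if "spender" not in msg:
        return None
    details = details if isinstance(details, list) else [details]  # PermitBatch is a list
    amounts = [int(str(d["amount"]), 0) for d in details]          # Permit2 amounts are uint160
    return _finding(td.get("primaryType", "Permit2"), msg["spender"], amounts, 160, allowlist)

# Constructed samples: placeholder addresses, maximum amounts.
SAMPLE_CALLDATA = "0x39509351" + "00" * 12 + "11" * 20 + "ff" * 32
SAMPLE_PERMIT = json.dumps({
    "domain": {"name": "Permit2", "chainId": 1},
    "primaryType": "PermitSingle",
    "message": {"spender": "0x" + "22" * 20, "sigDeadline": "0",
                "details": {"token": "0x" + "33" * 20, "amount": str(2**160 - 1)}},
})
```

A finding with `unlimited` set and `spender_known` false is the combination a wallet or review tool would surface to the user before anything is signed.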

Scam Sniffer discovered that the majority of victims fell for false comments on social media platforms, particularly X. The attackers often masquerade as reputable cryptocurrency organizations to lure unsuspecting individuals to phishing sites where their digital assets are stolen.
