Contact

info@th3fus3.com



© 2024 TheFuse. All rights reserved.

Major Phishing Campaign Targets Etherscan Users

The campaign lures users to fake websites, draining their wallets without consent

April 8, 2024 10:46 AM

Reading time: 1 minute, 40 seconds

TL;DR A significant phishing campaign targeting Etherscan users has been discovered. Advertisements on the Ethereum blockchain explorer act as conduits to phishing sites. Investigations have traced similar ads across search engines and social media, pointing to a larger issue with ad aggregators' filtering mechanisms.

A recent discovery by a community member known as McBiblets has unveiled a major phishing campaign targeting users of Etherscan, the Ethereum blockchain explorer.

On April 8, McBiblets noticed certain advertisements on Etherscan that acted as wallet drainers, immediately raising alarms about the potential dangers of clicking on these ads. This finding has led to deeper investigations revealing a broader issue at hand.

Following McBiblets' initial report, the Web3 anti-scam platform Scam Sniffer took the lead in investigating the matter further.

Their research indicated that the phishing advertisements found on Etherscan were not isolated incidents. Similar ads were identified across popular search engines like Google, Bing, and DuckDuckGo, as well as on social media platform X. This widespread presence suggests a coordinated effort to exploit users across multiple platforms.

The source of these malicious advertisements appears to stem from the advertisement aggregators used by Etherscan, such as Coinzilla and Persona. Scam Sniffer pointed out that these platforms might lack the necessary filtering mechanisms to sift out phishing attempts, making it easier for scammers to reach potential victims.

"Etherscan aggregates ads from platforms like Coinzilla and Persona, where insufficient filtering could lead to exposure to phishing attempts," noted Scam Sniffer in their report.

The phishing scheme typically involves directing users to counterfeit websites where they are prompted to link their crypto wallets.

Once connected, the scammers can siphon off funds without requiring further authentication or permission from the user. Blockchain security firm SlowMist's chief information security officer, known as 23pds, also issued warnings regarding these deceptive advertisements.

While the identity of the perpetrators remains unclear, the notorious phishing group Angel Drainer is suspected of orchestrating this campaign. Despite the lack of concrete evidence pinpointing the scammers, the impact of such phishing attacks is undeniable.

In 2023 alone, crypto phishing scams have defrauded victims of nearly $300 million, affecting over 324,000 individuals. Scam Sniffer's insights reveal a grim reality where, even as some phishing operations shut down, others quickly take their place, highlighting the persistent threat posed by these cybercriminals.

Share this

Similar news
cryptocurrency

SEC Sets Target on Yet Another Crypto Market Maker

Crypto Market Maker Faces Legal Battle

October 11, 2024 01:00 PM
cryptocurrency

Striple Scores One-Day, 70-Country Stablecoin Payment Success

Stripe had previously discontinued Bitcoin payments due to high fees and slow confirmation times

October 11, 2024 11:59 AM
cryptocurrency

Bitnomial Sues the SEC Over XRP Futures

Crypto exchange challenges regulatory oversight

October 11, 2024 11:00 AM
All results loaded