Etherscan ads behind massive phishing campaign
The wallet drainer scam involves luring users into fake websites and prompting them to link their crypto wallets and eventually draining all funds.
A number of advertisements on Ethereum blockchain explorer Etherscan have been identified as part of a major phishing campaign that is actively targeting Etherscan users.
On April 8, X community member McBiblets identified some advertisements on Etherscan as wallet drainers, warning users against being redirected to phishing websites when clicking on such advertisements.
Further investigations revealed that the phishing advertisements appearing on Etherscan were also displayed on various known phishing websites.
Picking up on McBiblets’ lead, Web3 anti-scam platform Scam Sniffer found that the phishing advertisements spread beyond Etherscan and were showing up on popular search engines like Google, Bing and DuckDuckGo, and social media platform X.
Scam Sniffer suspected the lack of oversight from advertisement aggregators as the root cause of the large-scale phishing campaign:
“Etherscan aggregates ads from platforms like Coinzilla and Persona, where insufficient filtering could lead to exposure to phishing attempts.”
The wallet drainer scam involves luring users to fake websites and prompting them to link their crypto wallets. Once linked, the scammer can withdraw funds into their personal wallet addresses without user authentication or permission.
Blockchain security firm SlowMist’s chief information security officer, 23pds, also issued a warning about the phishing advertisements on Etherscan:
“Be careful, there are phishing ads on etherscan.”
The infamous and seasoned cyber phishing organization Angel Drainer is suspected of running the ongoing phishing attack campaign against Etherscan users. However, concrete evidence about the scammers’ identity remains unidentified at the time of writing.
Read Cointelegraph’s guide to learn more about phishing attacks and how to prevent them.
Related: Crypto phishing attacks reached ‘alarming levels’ — CertiK co-founder
In 2023 alone, crypto phishing scams stole nearly $300 million from over 324,000 victims through wallet drainers.
Scam Sniffer also reported that even when drainers close down, “phishing gangs” just take their business elsewhere, as there seems to be no lack of platforms providing services for scammers.
Responses