Phishing Campaigns Targeting Etherscan Users Through Advertisements Identified

04/08/2024 21:06
Phishing Campaigns Targeting Etherscan Users Through Advertisements Identified

A significant phishing campaign with several advertisements targeting users of the Ethereum blockchain explorer Etherscan has been identified.

Hassan Shittu

Last updated: | 3 min read

Phishing Campaigns Targeting Etherscan Users Through Advertisements Identified

A significant phishing campaign targeting users of the Ethereum blockchain explorer Etherscan has come to light, with several advertisements identified as part of the malicious operation.

The campaign was called out by a user on X, who raised a red flag about the presence of potentially malicious phishing scam ads. 

Warning Issued After Phishing Campaign Targets Etherscan Users

All the other phishing sites it's linked to pic.twitter.com/4PjxnYn3ny

— McBiblets (@mcbiblets) April 7, 2024

On April 8, McBiblets, flagged certain advertisements on Etherscan as potential wallet drainers, cautioning users against being redirected to phishing websites upon clicking on such ads.

Further investigation revealed that these phishing advertisements were not limited to Etherscan but were also spotted on various known phishing websites. Web3 security platform Scam Sniffer swiftly responded to the warning and launched an investigation.

🚨🕵️‍♂️ Alert: Phishing ads running rampant on Google, Twitter, Bing, & DuckDuckGo are now targeting Etherscan users.

Etherscan aggregates ads from platforms like Coinzilla & Persona, where insufficient filtering could lead to exposure to phishing attempts.🛡️🔍 pic.twitter.com/EGDLiCrrAa

— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) April 8, 2024

Shortly after that, Scam Sniffer confirmed the presence of a new scam through their official X account.

“Etherscan aggregates ads from platforms like Coinzilla & Persona, where insufficient filtering could lead to exposure to phishing attempts,” Scam Sniffer explained.

Scam Sniffer uncovered the extent of the phishing campaign, noting that the advertisements were spreading beyond Etherscan and popping up on popular search engines like Google, Bing, DuckDuckGo, and social media platforms.

Renowned on-chain detective ZachXBT delved further. He disclosed that the phishing on Etherscan is linked to a draining service. Furthermore, ZachXBT revealed that the draining service had phished a six-figure sum from a victim.

A customer of a popular draining service just phished six figures from a victim.

Worked with the team to blacklist the phishing scammer before they could dump DSYNC on holders.

Theft address
0x4689208d311785359C4E060ee30011d8e1a68bf0 pic.twitter.com/hNsoI5b4pD

— ZachXBT (@zachxbt) April 8, 2024

ZachXBT also shared the address of the theft. When the address was looked up on-chain, it was found that the wallet contained 87.08 Ethereum (ETH), equivalent to approximately $298,972 at the time of reporting.

This amount is equivalent to approximately $298,972 at the time of writing. Additionally, the scammer holds other tokens and coins, including $25,375 worth of OPSEC, $9,642 worth of PEPE, and $4,207 worth of Ethena (ENA).

Although the notorious cyber phishing organization Angel Drainer is suspected of orchestrating this ongoing attack against Etherscan users, concrete evidence about the perpetrators remains elusive.

The modus operandi of the wallet drainer scam involves enticing users to counterfeit websites and prompting them to link their crypto wallets. Once linked, scammers can siphon off funds into their personal wallet addresses without requiring user authentication or permission.

Chief Information Security Officer 23pds from blockchain security firm SlowMist emphasized the warning, advising users to exercise caution due to the presence of phishing ads on Etherscan.

😅 注意了,有钓鱼广告上etherscan投放广告 https://t.co/gMAwZJwMeF

— 23pds (@im23pds) April 7, 2024

Phishing Attacks on Crypto Users Lead to $300 Million in Losses in 2023, Reports Scam Sniffer


Phishing attacks pose a significant threat to crypto users, with nearly $300 million stolen from over 324,000 victims through wallet drainers in 2023 alone, according to Scam Sniffer.

💸 Losses due to phishing in 2024 have already exceeded $100 million.

🛡️ To better protect our users, the Scam Sniffer Chrome extension has now started detecting phishing links on Twitter proactively! pic.twitter.com/eYHPcfPxUH

— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) March 11, 2024

According to Scam Sniffer data, phishing attacks scammed around 97,000 crypto users of $104 million in the first few months of this year. Losses were $55 million in January, with $46.8 million coming in February.

Ethereum users suffered the most damage, losing $78 million in assets, including ETH and ERC20 tokens, according to a breakdown of the attacks. The primary tactic used by cybercriminals was to trick victims into signing harmful phishing signatures like “Uniswap Permit2” and “increaseAllowance,” which allowed the malicious players to acquire unauthorized access to their victims’ cash.

“Most of the thefts of all ERC20 tokens were due to assets being stolen as a result of signing phishing signatures such as Permit, IncreaseAllowance, and Uniswap Permit2,” Sniffer explained in a statement.

Also, Scam Sniffer discovered that the majority of victims were duped by false comments on social media platforms, particularly X. The attackers frequently pose as respectable cryptocurrency organizations to attract unwary people to phishing sites where their digital assets are stolen.

Despite efforts to shut down such scams, Scam Sniffer notes that “phishing gangs” often relocate their operations to different platforms, indicating a persistent challenge in combating fraudulent activities in the crypto space.

Read more --->