Several advertisements displayed on the Ethereum blockchain explorer Etherscan have been identified as part of a significant phishing campaign directly targeting Etherscan users.
On April 8, a member of the X community named McBiblets alerted users to certain Etherscan ads that were leading to phishing websites, posing a threat to users’ wallets.
Further investigation revealed that these phishing advertisements were not limited to Etherscan but were also found on various well-known phishing websites.
Following McBiblets’ discovery, the web3 anti-scam platform Scam Sniffer found that the phishing ads had spread to major search engines like Google, Bing, and DuckDuckGo, as well as a social media platform referred to as X.
Scam Sniffer suspects that the widespread phishing campaign may be attributed to inadequate control by advertisement aggregators like Coinzilla and Persona, leading to exposure to phishing attempts.
The fraudulent activity, known as wallet draining, involves luring users to fake websites and prompting them to connect their cryptocurrency wallets, enabling scammers to transfer funds to their own wallets without user consent.
SlowMist’s principal information security officer, 23pds, also issued a warning regarding the phishing ads on Etherscan, advising users to exercise caution.
Although the cyber phishing company Angel Drainer is suspected of orchestrating the ongoing phishing attacks against Etherscan users, concrete evidence of the perpetrators’ identities remains elusive.
This phishing advisory coincides with a surge in phishing schemes targeting the crypto industry, with data from Scam Sniffer indicating that such attacks have defrauded approximately 97,000 crypto users of $104 million in the first months of this year, primarily through tactics like tricking victims into signing malicious phishing signatures.
Ethereum users have been the hardest hit by these attacks, suffering significant losses in assets like ETH and ERC20 tokens, with the primary method being luring victims to phishing sites through false comments on social media platforms.
Cybercriminals often impersonate legitimate cryptocurrency organizations to lure unsuspecting individuals to phishing sites where their digital assets are stolen.