Jannat Ara

Major Phishing Campaign Targets Etherscan Users via On-Site Ads

Etherscan, the popular Ethereum blockchain explorer, has recently become the focal point of a significant phishing campaign, with malicious actors targeting unsuspecting users through deceptive on-site advertisements.

The phishing attempt was first brought to light by X community member McBiblets on April 8, who identified certain ads on Etherscan as potential threats, directing users to phishing websites upon clicking.

Further investigation revealed that these phishing advertisements were not limited to Etherscan alone but had also proliferated across various well-known phishing platforms. Notably, the fraudulent ads appeared not only on Etherscan but also on major search engines such as Google, Bing, and DuckDuckGo, as well as social media platforms like X.

According to web3 anti-scam platform Scam Sniffer, the widespread phishing campaign may have been facilitated by a lack of adequate controls by advertisement aggregators utilized by Etherscan. These aggregators, such as Coinzilla and Persona, may have failed to implement sufficient filtering mechanisms, thereby exposing users to phishing attempts.

The modus operandi of the phishing scheme involves luring users to counterfeit websites and prompting them to connect their cryptocurrency wallets. Subsequently, scammers gain unauthorized access to users’ funds and siphon them off to their personal wallet addresses without any verification or authorization from the victims.

23pds, principal information security officer at SlowMist, also issued a cautionary warning regarding the phishing ads on Etherscan, urging users to exercise caution to avoid falling victim to such scams.

While the identity of the perpetrators behind the phishing campaign, including the notorious cyber phishing group Angel Drainer, remains undisclosed, the incident underscores the growing threat posed by phishing schemes targeting the crypto industry.

According to Scam Sniffer data, phishing attacks have defrauded approximately 97,000 crypto users of a staggering $104 million in the first few months of this year alone. Ethereum users bore the brunt of these attacks, suffering losses totaling $78 million in assets, including ETH and ERC20 tokens.

The primary tactic employed by cybercriminals involves tricking victims into signing deceptive phishing signatures like “Uniswap Permit2” and “increaseAllowance,” granting unauthorized access to their digital assets.

Most victims were ensnared through false comments on social media platforms, particularly X, where attackers impersonated reputable cryptocurrency organizations to lure unsuspecting individuals to phishing sites.

As the crypto industry grapples with an escalating number of phishing threats, vigilance and caution remain paramount to safeguarding against potential scams and mitigating financial losses.

Powered by Crypto Expert BD

Follow us on Twitter: https://x.com/CryptoExpert_BD

Join our Telegram channel: https://t.me/CryptoExpert_BD

Leave a Comment