A major phishing campaign has been discovered targeting users of the Ethereum blockchain explorer, Etherscan. The phishing attempt was identified by a community member who noticed that some advertisements on Etherscan were acting as wallet drainers, leading users to phishing websites when clicked. Further investigation revealed that these phishing advertisements were not limited to Etherscan, but were also found across multiple well-known phishing websites, key search engines such as Google, Bing, and DuckDuckGo, as well as a social media platform.
The web3 anti-scam platform, Scam Sniffer, suspects that this large-scale phishing campaign was facilitated by a lack of control by advertisement aggregators, as Etherscan aggregates ads from platforms like Coinzilla and Persona, where insufficient filtering could lead to exposure to phishing attempts.
The phishing campaign involves luring users to fake websites and asking them to connect their cryptocurrency wallets. Once connected, the scammer can withdraw funds to their personal wallet addresses without the user’s verification or authorization. The infamous cyber phishing company, Angel Drainer, is suspected of leading this ongoing phishing attack campaign against Etherscan users.
According to data from Scam Sniffer, phishing attacks scammed around 97,000 crypto users of $104 million in the first few months of this year, with Ethereum users suffering the most damage, losing $78 million in assets, including ETH and ERC20 tokens. The primary tactic used by cybercriminals was to trick victims into signing harmful phishing signatures like “Uniswap Permit2” and “increaseAllowance,” which allowed the malicious players to gain unauthorized access to their victims’ funds.
