A recent revelation has spotlighted a large-scale phishing campaign leveraging advertisements on Etherscan, a renowned Ethereum blockchain explorer, to orchestrate wallet drainer scams. This scam typically misleads individuals into visiting counterfeit sites, where they are prompted to connect their cryptocurrency wallets, leading to the unauthorized withdrawal of their funds.
The issue came to light on April 8, when a X community member known as McBiblets identified these malicious ads on Etherscan, alerting users to the risk of being diverted to phishing sites through these ads. Further investigation demonstrated that these phishing ads on Etherscan are not isolated; they have been found on multiple known phishing websites as well.
Scam Sniffer, a platform dedicated to combating Web3 scams, following McBiblets’ discovery, revealed that the reach of these deceptive ads extends beyond Etherscan, appearing on major search engines such as Google, Bing, DuckDuckGo, and the social media platform X. The analysis by Scam Sniffer suggested that the widespread dissemination of these phishing ads could be attributed to inadequate screening by ad aggregators like Coinzilla and Persona, thereby facilitating the proliferation of these scams.
The mechanics of the scam are straightforward yet devastating: individuals are lured to fake websites and encouraged to link their crypto wallets. The scammers then drain the victims’ funds to their own wallets without requiring any form of user authentication or permission.
SlowMist, a blockchain security firm, through its chief information security officer known as 23pds, also warned users about the phishing ads present on Etherscan, emphasizing the need for heightened vigilance.
At the center of these phishing campaigns is the infamous Angel Drainer group, suspected to be orchestrating these attacks against Etherscan users. Although their exact identity remains unconfirmed, the impact of their actions is undeniable. In 2023 alone, crypto phishing scams, predominantly through wallet drainers, have defrauded victims of nearly $300 million, affecting over 324,000 individuals.
Scam Sniffer has pointed out that the termination of one phishing operation merely leads to the rise of another, underscoring a relentless cycle fueled by the seemingly endless availability of platforms that cater to these fraudulent schemes. This ongoing issue highlights the critical challenges and the imperative need for robust countermeasures in the fight against cyber phishing within the cryptocurrency ecosystem.
