Etherscan Users Targeted in Large-Scale Phishing Campaign through On-Site Advertisements

On April 8, a member of the X community named McBiblets identified certain advertisements on Etherscan as potential wallet drainers and warned users that clicking on these ads could lead to phishing websites. Subsequent investigations revealed that these phishing advertisements were also present on several well-known phishing websites. Following McBiblets’ discovery, the web3 anti-scam platform Scam Sniffer found that the phishing advertising had extended beyond Etherscan, appearing on major search engines like Google, Bing, and DuckDuckGo, as well as on the social media platform X.

The scam allows the perpetrator to withdraw funds to their personal wallet addresses without the user’s verification or authorization. No substantial evidence of the scammers’ identities has been discovered at the time of writing. The campaign comes as the industry contends with a growing number of phishing schemes aimed at it. Ethereum users have been particularly affected, having lost $78 million in assets, including ETH and ERC20 tokens, as a result of these attacks.

The attackers often masquerade as reputable cryptocurrency organizations to lure unsuspecting individuals to phishing sites where their digital assets are subsequently stolen.