Massive phishing campaign linked to Etherscan advertisements

A major phishing campaign targeting Etherscan users has been discovered, with several advertisements on the Ethereum blockchain explorer identified as part of the scheme. On April 8, a community member named McBiblets warned users about these advertisements, advising them not to click on them to avoid being redirected to phishing websites. Further investigations revealed that the same phishing advertisements were also appearing on well-known phishing websites. Scam Sniffer, a Web3 anti-scam platform, confirmed this and found that the advertisements were even showing up on search engines like Google, Bing, and DuckDuckGo, as well as social media platforms. Scam Sniffer suspected that the lack of oversight from advertisement aggregators was to blame for the large-scale phishing campaign. The scam involves tricking users into visiting fake websites and linking their crypto wallets, allowing scammers to withdraw funds without user authentication. SlowMist, a blockchain security firm, also issued a warning about the phishing advertisements on Etherscan, suspecting the notorious Angel Drainer cyber phishing organization of running the campaign. However, the scammers’ identity remains unidentified. In 2023 alone, crypto phishing scams stole nearly $300 million from over 324,000 victims through wallet drainers. Scam Sniffer reported that even when these drainers shut down, other phishing gangs quickly take their place due to the availability of platforms facilitating their activities.