By
Godfrey Benjamin
April 29th, 2024
Phishing ads are showing up on Etherscan to target unsuspecting users and steal their funds, likely via a wallet drainer.
Several phishing scam advertisements have appeared on the Ethereum blockchain explorer Etherscan. According to reports, this is part of a larger phishing campaign targeting visitors to the popular blockchain explorer, among others.
Earlier today, Twitter user McBiblets made an X post announcing that some ads on Etherscan are connected to wallet drainers. The post includes a URL where the ads point and warns users against clicking the ads.
Phishing Scam Ads on Etherscan, Google, Bing, and Others
Apparently, the Etherscan ads also appear on several other known phishing websites.
The average wallet drainer scam tries to trick users into visiting fake websites and connecting their crypto wallets. Users who fall for the scam end up losing their funds, as the scammer or website can then drain their wallets without authentication.
In a follow-up tweet, McBiblets tagged Scam Sniffer, a Web3 anti-scam platform. Following McBiblet’s lead, Scam Sniffer began digging and found that the phishing ads are also appearing on popular sites and search engines, including Google, X (formerly Twitter), DuckDuckGo, and Bing. The anti-scam platform noted that inadequate measures to scrutinize ads likely cause problems like this by explaining that:
“Etherscan aggregates ads from platforms like Coinzilla and Persona, where insufficient filtering could lead to exposure to phishing attempts.”
Angel Drainer May Be Responsible for Phishing Ads
According to reports, the most likely (although unconfirmed) suspect is Angel Drainer, a phishing organization notoriously responsible for draining more than $403,000 worth of assets from several wallets in February. Per blockchain security service Blockaid, Angel Drainer launched a malicious Safe (formerly Gnosis Safe) vault contract. The group used the contact to phish, and successfully scammed 128 wallets. According to Blockaid, the scammers decided on a Safe vault, which they used to promote a “false sense of security” because Etherscan automatically flags it as safe. Blockaid however assured that the scam was not an attack on Safe.
In an earlier post, Blockaid noted that the Angel Drainer Group has been in operation for one year and has successfully drained more than $25 million from about 35,000 wallets.
Last December, Angel Drainer stole more than $484,000 from several Web3 apps by luring users into making approvals on their accounts. Reports state that the group compromised a former Ledger employee’s computer, accessed their node package manager JavaScript (NPMJS) account, and uploaded an update to Ledger Connect’s GitHub repo, containing harmful code. Apps that upgraded to the new version, including SushiSwap, Phantom, and Zapper, became infected with the code.
Inferno Drainer Stole $80 Million
Last November, Inferno Drainer, another notorious scam group, publicly announced its closure. In a Telegram message, the group said it was shutting down after draining more than $80 million. It described its campaign as “the craziest journey”, and noted it was time to move on.
Inferno Drainer became popular after Monkey Drainer shut down. Like Monkey Drainer, Inferno Drainer launched a wallet-draining software and took 20% of all funds stolen. Interestingly, the Telegram message asked members of its community not to trust anyone who will claim they are part of the group, to scam members. The message read, “Inferno is closed for good and won’t return again.”