Phishing Campaign Targets Ethereum Users via Etherscan Ads

A significant phishing campaign has been discovered targeting users of the Ethereum blockchain explorer Etherscan, with several advertisements identified as part of the malicious operation.

A user on X reported the campaign, citing the presence of potentially malicious phishing scam ads.

Warning Issued Following Phishing Campaign Targeting Etherscan Users



On April 8, McBiblets flagged certain Etherscan advertisements as potential wallet drainers, warning users against being redirected to phishing websites if they clicked on them.

Further investigation revealed that these phishing advertisements were not only found on Etherscan, but also on several other well-known phishing websites. Scam Sniffer, a web3 security platform, quickly responded to the warning and launched an investigation.


Shortly after, Scam Sniffer confirmed the existence of a new scam on their official X account.

“Etherscan aggregates ads from platforms like Coinzilla & Persona, where insufficient filtering could lead to exposure to phishing attempts,” Scam Sniffer explained.

Scam Sniffer discovered the scope of the phishing campaign, noting that advertisements appeared on popular search engines such as Google, Bing, DuckDuckGo, and social media platforms in addition to Etherscan.

ZachXBT, a renowned on-chain detective, dug deeper. He revealed that the phishing on Etherscan is connected to a draining service. ZachXBT also revealed that the draining service phished a victim for a six-figure sum.


ZachXBT also shared the address of the theft. When the address was searched on-chain, it was discovered that the wallet contained 87.08 Ethereum (ETH), which was equivalent to approximately $298,972 at the time of reporting.

At the time of writing, this amount was equivalent to approximately $298,972. The scammer also owns other tokens and coins, including $25,375 in OPSEC, $9,642 in PEPE, and $4,207 in Ethena (ENA).

Although the notorious cyber phishing organization Angel Drainer is suspected of orchestrating the ongoing attack against Etherscan users, concrete evidence about the perpetrators is still elusive.

The wallet drainer scam works by luring users to fraudulent websites and convincing them to link their crypto wallets. Once linked, scammers can siphon off funds into their personal wallet addresses without requiring user authentication or permission.

Chief Information Security Officer 23pds from blockchain security firm SlowMist emphasized the warning, advising users to exercise caution due to the presence of phishing ads on Etherscan.


Phishing Attacks on Crypto Users Lead to $300 Million in Losses in 2023, Reports Scam Sniffer

Phishing attacks pose a significant threat to cryptocurrency users, with nearly $300 million stolen from over 324,000 victims by wallet drainers alone in 2023, according to Scam Sniffer.


According to Scam Sniffer data, phishing attacks scammed around 97,000 crypto users of $104 million in the first few months of this year. Losses were $55 million in January, with $46.8 million coming in February.

According to a breakdown of the attacks, Ethereum users were hit the hardest, losing $78 million in assets such as ETH and ERC20 tokens. The primary tactic used by cybercriminals was to trick victims into signing harmful phishing signatures like “Uniswap Permit2” and “increaseAllowance,” which allowed the malicious players to acquire unauthorized access to their victims’ cash.

“The majority of all ERC20 token thefts were caused by assets being stolen as a result of signing phishing signatures such as Permit, IncreaseAllowance, and Uniswap Permit2,” Sniffer said in a statement.

Also, Scam Sniffer discovered that the majority of victims were duped by false comments on social media platforms, particularly X. The attackers frequently pretend to be legitimate cryptocurrency organizations in order to lure unsuspecting people to phishing sites where their digital assets are stolen.

Despite efforts to shut down such scams, Scam Sniffer observes that “phishing gangs” frequently relocate their operations to different platforms, indicating a persistent challenge in combating fraudulent activities in the cryptocurrency space.

Latest stories

You might also like...