Phishing scams are targeting people who use Etherscan through ads.

A significant phishing campaign targeting Ethereum blockchain explorer Etherscan users has been discovered, with several advertisements identified as part of the malicious operation.

A user on X flagged the campaign because it contained potentially malicious phishing scam ads.

Warning issued after phishing campaign targets Etherscan users.



On April 8, McBiblets flagged certain Etherscan advertisements as potential wallet drainers, warning users against being redirected to phishing websites if they clicked on them.

Further investigation revealed that these phishing advertisements were not only found on Etherscan, but also on several other well-known phishing websites. The warning was quickly responded to by Web3 security platform Scam Sniffer, which launched an investigation.


Shortly after, Scam Sniffer confirmed the existence of a new scam on their official X account.

“Etherscan aggregates ads from platforms like Coinzilla & Persona, where insufficient filtering could lead to exposure to phishing attempts,” Scam Sniffer explained.

Scam Sniffer discovered the scope of the phishing campaign, noting that advertisements were appearing on popular search engines such as Google, Bing, DuckDuckGo, and social media platforms in addition to Etherscan.

ZachXBT, a renowned on-chain detective, dug deeper. He admitted that the phishing on Etherscan is linked to a draining service. In addition, ZachXBT revealed that the draining service had phished a victim for a six-figure sum.


ZachXBT also shared the address of the theft. When the address was looked up on-chain, it was discovered that the wallet contained 87.08 Ethereum (ETH), which was worth approximately $298,972 at the time of reporting.

At the time of writing, this amount was equivalent to approximately $298,972. The scammer also owns other tokens and coins, including $25,375 in OPSEC, $9,642 in PEPE, and $4,207 in Ethena (ENA).

Although the notorious cyberphishing organization Angel Drainer is suspected of orchestrating the ongoing attack on Etherscan users, concrete evidence about the perpetrators remains elusive.

The wallet drainer scam works by luring users to fraudulent websites and prompting them to link their cryptocurrency wallets. Once linked, scammers can transfer funds to personal wallet addresses without user authentication or permission.

Chief Information Security Officer 23pds from blockchain security firm SlowMist emphasized the warning, advising users to exercise caution due to the presence of phishing ads on Etherscan.


Scam Sniffer reports that phishing attacks on cryptocurrency users will cause $300 million in losses by 2023.

According to Scam Sniffer, phishing attacks pose a significant threat to cryptocurrency users, with nearly $300 million stolen from over 324,000 victims via wallet drainers in 2023 alone.


According to Scam Sniffer data, phishing attacks scammed around 97,000 crypto users of $104 million in the first few months of this year. Losses were $55 million in January, with $46.8 million coming in February.

According to a breakdown of the attacks, Ethereum users were hit the hardest, losing $78 million in assets such as ETH and ERC20 tokens. The primary tactic used by cybercriminals was to trick victims into signing harmful phishing signatures like “Uniswap Permit2” and “increaseAllowance,” which allowed the malicious players to acquire unauthorized access to their victims’ cash.

“The majority of all ERC20 token thefts were caused by assets being stolen as a result of signing phishing signatures such as Permit, IncreaseAllowance, and Uniswap Permit2,” Sniffer said in a statement.

Also, Scam Sniffer discovered that the majority of victims were duped by false comments on social media platforms, particularly X. The attackers frequently pretend to be legitimate cryptocurrency organizations in order to lure unsuspecting people to phishing sites where their digital assets are stolen.

Despite efforts to shut down such scams, Scam Sniffer observes that “phishing gangs” frequently relocate their operations to different platforms, indicating a persistent challenge in combating fraudulent activities in the cryptocurrency space.

Latest stories

You might also like...