A user who goes by the nickname McBiblets found wallet drainers embedded in an advertisement on the website of the Ethereum block explorer Etherscan.
All the other phishing sites it's linked to pic.twitter.com/4PjxnYn3ny
— McBiblets (@mcbiblets) April 7, 2024
According to his analysis, fraudulent banners are linked to other detected phishing websites with a digital asset theme through the ipjsonapi domain.
After clicking the link, the user is asked to connect their crypto wallet, supposedly in order to receive some service. In this way, the attackers gain control over the victim's account.
ScamSniffer experts noted that such malicious crypto advertising has been seen in the search engines Google, Bing and DuckDuckGo, as well as on Twitter.
🚨🕵️♂️ Alert: Phishing ads running rampant on Google, Twitter, Bing, & DuckDuckGo are now targeting Etherscan users.
Etherscan aggregates ads from platforms like Coinzilla & Persona, where insufficient filtering could lead to exposure to phishing attempts.🛡️🔍 pic.twitter.com/EGDLiCrrAa
The researchers acknowledged the presence of vulnerabilities in the mechanism that ad placement services use to analyze ads.
"Etherscan shows ads from platforms like Coinzilla and Persona, where insufficient filtering leads to phishing attempts," ScamSniffer explained.
The director of information security at SlowMist, under the nickname 23pds, also warned about malicious content on Etherscan.
😅 Heads up: phishing ads are being placed on etherscan https://t.co/gMAwZJwMeF
— 23pds (@im23pds) April 7, 2024
Earlier, the founder of the Ordinary Rugs project fell victim to phishing on the Bitcoin Rock Discord server and as a result lost $380,000 in assets.
In March, the X accounts of several influential individuals in the crypto industry were compromised to promote the PACKY scam token. The hacker gained access through the automated posting service IFTTT (If This Then That).
According to ScamSniffer, in February, more than 57,000 users fell victim to phishing and lost a total of about $47 million in digital assets.