Etherscan users targeted in sophisticated phishing scam

On X, a phishing scheme targeting Etherscan customers was exposed. Ads were used to redirect victims to websites that drain their cryptocurrency wallets. The discovery led to an investigation that revealed the existence of malicious ads on various platforms including popular search engine. Hacking has also become a problem in the crypto-space, however ParaSwap announced plans to compensate their hack victims with its own treasury. The crypto-space is also facing some ethical and legal challenges. This includes aggressive IRS tactics directed at blockchain investigators.

Phishing ads on Etherscan

Recently, a major phishing attack targeting Etherscan was exposed. McBiblets, a member of the X community who was aware of this issue on April 8, first spotted it. 8 discovered certain ads displayed on Etherscan’s Ethereum blockchain browser were part of the wallet drainer scam. When these malicious ads were clicked, they would direct users to phishing sites designed to steal cryptocurrency.

This investigation expanded upon McBiblets initial findings and revealed that phishing advertisements were prevalent not only on Etherscan, but had also spread to other phishing sites. Scam Sniffer, a Web3 platform that fights scams, found out these ads were not only on Etherscan but also on other phishing websites.

The wallet drainer is a simple but effective scam. These ads lure users to fake sites and convince them to link their wallets. Scammers then have the ability to drain wallet funds, without requiring user authorization or authentication. The scammers have proven this method to be extremely effective, with over $300 million reported stolen in 2023 from 324,000 victims.

SlowMist’s Chief Information Security Officer, 23pds, as well as other blockchain experts have warned about these ads. The exact scammers responsible for the campaign are still unknown, but many believe it is the notorious phishing organization Angel Drainer.

What is Phishing Scams?

In the cryptocurrency industry, phishing is an advanced scamming method whereby fraudsters pose as trusted organizations to trick people into divulging sensitive information such as private keys or personal data. The scam is aimed to illicitly acquire cryptocurrencies. Its frequency and complexity has increased, posing a serious risk for wallets, exchanges and those participating in Initial Coin Offerings (ICOs).

Phishing operations begin with phishing communications, which are fakes that look like they come from trusted sources. They then lure victims by sending them links to carefully crafted sites that mimic genuine platforms. Users who enter their login credentials onto these fake sites are unknowingly granting attackers access their digital funds.

Many strategies are used in cryptocurrency phishing, and these adapt to different aspects of the ecosystem. Spear-phishing targets individuals or organizations, using information about the victim to increase the credibility of an attack. The concept of whaling attacks is taken to the next level by targeting high-ranking executives within organizations. If successful, this could compromise entire networks. Clone-phishing is the act of duplicating emails and adding malicious links or attachments. This exploits the recipients’ familiarity with the sender. The more technical approach is Pharming, which manipulates DNS entries in order to divert users away from genuine sites and onto fraudulent replicas.

Other phishing schemes include the evil twin attack, which creates fake Wi-Fi networks in order to gather credentials. Voice phishing is also known as vishing and involves using phone calls under false pretenses to obtain sensitive data.

DNS hijacking is another advanced tactic that involves changing DNS entries in order to trick users into visiting fake websites. Cybercriminals can now automate these tricks and spread them across the internet with phishing robots. The distribution of fake extensions is a threat to privacy and security. They pose as genuine tools, but secretly steal data, and direct users to scam websites.

The most innovative phishing techniques include ice-phishing, in which attackers fool victims into signing transactions, thereby transferring control over their tokens unknowingly, and Crypto-malware that encrypts data of users for ransom. This is often spread through malicious links or downloads.

ParaSwap Takes Action

ParaSwap is a major DeFi aggregator and has recently decided to reimburse the victims of an attack using funds from its Treasury. The decision was made after ParaSwap’s decentralized autonomous organisation (DAO), which proposed refunding the victims of AugustusV6 contracts vulnerability, came forward. This proposal was overwhelmingly supported by the community with 96.81% voting in favor of the compensation plan.

AugustusV6 was introduced briefly on March 18. The AugustusV6 contract was briefly introduced on Mar. It contained a major flaw which allowed hackers to steal money from users that approved the upgrade. A prompt cancellation of the contract saved $3.4 million, but $864,000 of assets was lost.

ParaSwap acted immediately by working with Chainalysis, a blockchain security and analytics company and Chainalysis, a blockchain analytics and analysis firm. The main purpose of this was to identify and track the hacker’s addresses. This initiative was partially successful, as assets worth approximately $500,000. ParaSwap Foundation will cover the remaining costs and losses related to the vulnerabilities, such as refunds, security analyses, contract audits and communication with authorities.

The move to refund all affected users follows the hacking in March in the blockchain sector, in which almost $100,000,000 in digital assets was stolen from various platforms. According to the blockchain security company PeckShield 52.8% have recovered.

Fine Line

Even those looking for help feel overwhelmed by crypto crimes. ZachXBT, a blockchain investigator from the United States Internal Revenue Service’s Criminal Investigation Unit (CIU), recently expressed his concerns about what he called aggressive tactics used by IRS to seek out ZachXBT’s expertise on blockchain investigations. ZachXBT, in a post on X that was detailed, shared several cases where IRS appeared to have overstepped boundaries. These included showing up at unannounced former residences and using private emails for communication.

ZachXBT made these allegations as he acknowledged his desire to assist victims and the law in combating blockchain-related crime. The investigator was not happy with the IRS approach, but an email sent by an IRS agent was posted in the blog. ZachXBT was praised by the agent for his proficiency with blockchain tools. He expressed the desire to learn more from ZachXBT to improve the effectiveness of law enforcement in the crypto- and cyber sector. ZachXBT, despite the compliments, criticized IRS contact methods as being a flagrant disregard for professionalism.

ZachXBT has recently refused to help holders of Complex (SIMPLE), a memecoin that was abruptly discontinued by its developers in April. 4. ZachXBT explained his decision, stating that he was unwilling to invest time in people who, according to him, recklessly invested in meme coins, which are not reliable, rather than real victims.

ZachXBT’s experience raises questions regarding the balance of law enforcement’s desire to learn about cryptocurrency, while also respecting personal boundaries and the professional ethics of the people they are seeking assistance from.

Digital Rights at Stake

Some people believe, on the other hand that the ones who want to help could actually do more harm than good to the digital assets sector. Three prominent cryptocurrency advocacy groups in the United States have come forward to support Roman Storm, Tornado Cash’s co-founder, who is facing serious legal challenges. In April. The Blockchain Association, Coin Center and DeFi Education Fund filed documents with the U.S. District Court for Southern District of New York on April 5. The organizations put forward arguments to dismiss the accusations against Storm. They challenged the idea that Tornado Cash – a crypto mixer – controlled funds and messages sent by its users through the platform.

In their individual filings, the advocacy groups raised several important issues. The advocacy groups specifically stated that Storm’s felony charges misconstrued the Tornado Cash operations and raised important First Amendment issues. They argue, in particular, that allegations of money laundering and sanction violations misunderstand fundamental dynamics between smart contracts protocols and their creators.

Marisa Coppel is the head of legal at the Blockchain Association. She also expressed concerns about the wider implications of adopting a government-led legal position. This perspective, she believes, threatens the entire fintech industry. They have asked the court to accept the burden of proof placed on the government and dismiss charges they believe are unfounded to protect defendants’ rights and integrity in the digital assets sector.

The legal action comes after the U.S. Justice Department announced charges in August 2023 against Storm and Roman Semenov. Storm has pleaded not guilty, and is currently under a bond of $2 million with travel restrictions. Semenov is yet to be located, while Storm’s court date is set for September.

Tornado Cash’s case extends outside the United States. In August 2022, developer Alexey Prittsev was arrested in The Netherlands on suspicion of helping North Korean hackers to launder approximately $1 billion using the cryptocurrency mixer. Pertsev has been released from custody after nine months.

Tornado Cash controversy escalated when the U.S. Treasury Office of Foreign Asset Control decided to classify crypto addresses that were associated with Tornado Cash under Specially Designated Nationals. This led crypto advocates to file lawsuits against U.S. Treasury. Both cases are still pending, awaiting final decisions in appeals after losing initial summary judgment motions.