Phishing scammers have recently cloned Ethereum blockchain scanner Etherscan and crypto media outlet Blockworks in an attempt to entice unsuspecting visitors to connect their wallets to a crypto drainer. Phishing scams targeting cryptocurrency enthusiasts and investors are unfortunately quite common. These scams often involve creating fake websites or emails that mimic legitimate cryptocurrency services to trick individuals into revealing their sensitive information or transferring their cryptocurrencies to the scammers.
It’s important to be vigilant and take steps to protect yourself against such scams. Remember that the cryptocurrency space is still relatively new, and scams and phishing attempts are a real threat. Always exercise caution, and don’t rush into any transaction or action without verifying its authenticity. It’s essential to take cybersecurity seriously to protect your investments and personal information.
The fake Blockworks site in question displayed a questionable “BREAKING” news report of a supposedly multimillion-dollar “Approvals exploit” on the decentralised exchange Uniswap and it entices uses to visit a fake Etherscan website to rescind approvals. The fake Uniswap news article was posted on Reddit, on a variety of popular crypto-related subreddits by possibly compromised Reddit accounts.
The fake Blockworks website (Left) shows a fake breaking news story of a Uniswap exploit compared to the legitimate website (Right).
Fake Crypto Websites in Full Swing
The fake Etherscan website in question, which shows a purported token and a smart contract approval checker, instead masks as a wallet drainer. Beosin, a blockchain security firm reviewed the drainer’s smart contract and told Cointelegraph that the attacker envisions to drain wallets with at least 0.1 Ether $1,793, worth $180. However, the drainer is incorrectly set up as “There is no phishing transaction prompted after a wallet is connected”.
A follow up age check on the domains showed that the fake Etherscan site, approvalscan.io, was registered recently on October 25th, and the faked Blockworks site, blockworks.media, was registered just a day later. In a Twitter post that was posted on October 25th, Web3 anti scam platfrom Scam Sniffer demonstrated that the scammers had set up a wallet drainer on a website that was cloning the crypto news outlet Decrypt.
Sam Sniffer told Cointelegraph the faked Blockworks and Decrypt sites are, however, run by different scammers. The devious scenarios are just some of the ways a phishing attack can target cryptocurrency users. Having said that, it’s important to practice due diligence and be careful when dealing with crypto.
Also Read: Roblox Debunks Inaccurate XRP Support Claims and Stresses That Crypto Payments Are Not Allowed
8 Ways on How to Stay Protected When Dealing With Cryptocurrency
The following steps can be practised by individuals to protect themselves:
1. Recognising the Phishing Attempt
Users should always be cautious when encountering unsolicited, sensational news reports in the cryptocurrency space. Scammers often use such tactics to create a sense of urgency and fear.
2. Verify the Source
Before taking any action, users should verify the authenticity of the news by visiting well-known cryptocurrency news websites or checking official social media channels of the projects involved. Legitimate news outlets and projects often confirm or debunk such news.
3. Check Website URLs
When visiting websites, always double-check the URLs to ensure they are the official ones. In this case, ensure that you are on the genuine Blockworks website and Etherscan website by checking the URLs in your web browser thoroughly.
4. Avoid Clicking on Links
Instead of clicking on links provided in the news report or emails, it’s safer to manually type the URLs of the websites you intend to visit into your web browser.
5. Enable 2FA
If you’re concerned about the security of your cryptocurrency holdings on a platform like Uniswap, ensure you have Two-Factor Authentication (2FA) enabled on your account. This provides an extra layer of security.
6. Rescind Approvals Cautiously
If you believe there is a legitimate reason to revoke approvals for a smart contract on Uniswap or any other platform, do so by directly accessing the platform’s official website and using its tools or interfaces. Do not follow links provided by suspicious sources.
7. Report the Phishing Attempt
If you encounter a phishing attempt, report it to the appropriate authorities, such as the Anti-Phishing Working Group (APWG), and to the affected cryptocurrency platform.
8. Educate Yourself
Staying informed about common phishing tactics and scams in the cryptocurrency space is crucial. Knowledge and vigilance are your best defenses against such attacks.
In the cryptocurrency world, security and skepticism are essential. Always verify the authenticity of information and the legitimacy of websites, and never rush into actions prompted by unsolicited news reports or emails. Phishing attacks are designed to exploit fear and urgency, so taking your time to verify information can prevent falling victim to these scams. For the latest crypto news, check out player.me/category/news/crypto/.