In a troubling development, phishing scammers have orchestrated a scheme to replicate the websites of notable crypto media platform Blockworks and the popular Ethereum blockchain scanner, Etherscan. Their devious intent is to lure unsuspecting readers into connecting their wallets to a malicious crypto drainer.
The modus operandi involves a fraudulent Blockworks website that prominently features a fabricated “BREAKING” news report claiming a supposed multimillion-dollar “approvals exploit” on the decentralized exchange Uniswap. The report urges users to visit a counterfeit Etherscan website to revoke their approvals. The fake Uniswap story was spread across various crypto-related subreddits on Reddit, using what appear to be compromised Reddit accounts.
The sham Etherscan website, which initially poses as a token and smart contract approval checker, conceals a wallet drainer.
Blockchain security firm Beosin reviewed the drainer’s smart contract and found that the attacker aims to drain wallets containing a minimum of 0.1 Ether (ETH), equivalent to $180. However, the drainer has been configured incorrectly: it does not trigger a phishing transaction once a wallet is connected.
Investigations into the domain registration reveal that the fraudulent Etherscan site, approvalscan.io, was registered on October 25, with the bogus Blockworks site, blockworks.media, following suit just a day later.
In a tweet posted on October 25, Web3 anti-scam platform Scam Sniffer exposed a similar wallet-draining scheme on a website imitating the crypto news outlet Decrypt.
Scam Sniffer clarified to Cointelegraph that the counterfeit Blockworks and Decrypt sites are operated by distinct groups of scammers. The situation continues to raise concerns within the crypto community, as these fraudulent websites undermine trust and security in the cryptocurrency space. Vigilance is essential to protect against such malicious activities.