以太坊區塊鏈瀏覽器遭受一波針對用戶的網路釣魚攻擊

Etherscan 是一款受歡迎的以太坊區塊鏈瀏覽器，其廣告已受到網路釣魚活動的危害。最近引人注目的網路釣魚攻擊已導致受害者在 2023 年被盜超過 3 億美元。Etherscan 的廣告現在被用來引誘用戶訪問惡意網站，從而耗盡他們的加密錢包。由於廣告聚合商缺乏監督，這些攻擊變得更加容易，使得惡意行為者可以利用該平台。專家提醒廣大用戶，遇到這類騙局一定要提高警覺。

Ethereum Blockchain Explorer Plagued by Phishing Scams Targeting Users

以太坊區塊鏈瀏覽器遭受針對用戶的網路釣魚詐騙

The Ethereum blockchain explorer, Etherscan, has become a breeding ground for phishing campaigns, posing a significant threat to platform users. The malicious advertisements on Etherscan are designed to deceive users and drain their crypto assets.

以太坊區塊鏈瀏覽器 Etherscan 已成為網路釣魚活動的滋生地，對平台用戶構成重大威脅。 Etherscan 上的惡意廣告旨在欺騙用戶並耗盡他們的加密資產。

Phishing Attacks on the Rise

網路釣魚攻擊呈上升趨勢

Phishing scams have become increasingly prevalent in the cryptocurrency space, with over $300 million stolen from over 324,000 victims in 2023 alone. These scams often involve fraudulent websites or email communications that mimic legitimate entities to trick users into revealing their sensitive information, such as private keys or login credentials.

網路釣魚詐騙在加密貨幣領域變得越來越普遍，光是 2023 年就有超過 324,000 名受害者被盜超過 3 億美元。這些詐騙通常涉及模仿合法實體的詐騙網站或電子郵件通信，以誘騙用戶洩露其敏感資訊，例如私鑰或登入憑證。

Etherscan Advertisements Fueling Phishing Attacks

Etherscan 廣告助長網路釣魚攻擊

On April 8, 2024, a member of the X Community, McBiblets, sounded the alarm on Twitter, exposing Etherscan advertisements that were redirecting users to malicious websites known as "wallet drainers." These websites are designed to steal all funds from users' connected crypto wallets.

2024 年 4 月 8 日，X 社群成員 McBiblets 在 Twitter 上敲響了警鐘，曝光了 Etherscan 廣告，這些廣告將用戶重新導向到被稱為「錢包耗盡者」的惡意網站。這些網站旨在竊取用戶連接的加密錢包中的所有資金。

The malicious advertisements have also been detected on major search engines like Google, Bing, and DuckDuckGo, as well as on popular social media platforms like X. This widespread reach has significantly increased the potential for users to fall victim to these phishing scams.

Google、Bing 和 DuckDuckGo 等主要搜尋引擎以及 X 等流行社交媒體平台上也檢測到了惡意廣告。這種廣泛的影響範圍大大增加了用戶成為這些網路釣魚詐騙受害者的可能性。

Experts React to the Attack

專家對攻擊做出反應

Anti-scam organizations such as Scam Sniffer and SlowMist have condemned the lack of oversight by ad aggregators like Coinzilla and Persona, who have allowed malicious actors to exploit their software and target innocent users.

Scam Sniffer 和 SlowMist 等反詐騙組織譴責 Coinzilla 和 Persona 等廣告聚合商缺乏監管，這些廣告聚合商允許惡意行為者利用其軟體並針對無辜用戶。

According to Scam Sniffer, these types of scams have already stolen approximately $104 million worth of assets from over 97,000 crypto users in the first two months of 2024 alone. Ethereum holders have been particularly hard hit, losing an estimated $78 million in ERC20 tokens and ETH.

據 Scam Sniffer 稱，僅在 2024 年前兩個月，此類詐騙就已從超過 97,000 名加密貨幣用戶處竊取了價值約 1.04 億美元的資產。以太坊持有者受到的打擊尤其嚴重，損失了估計 7,800 萬美元的 ERC20 代幣和 ETH。

SlowMist has also issued a warning to crypto users, urging them to exercise extreme caution when encountering suspicious websites or advertisements.

慢霧也向加密貨幣用戶發出警告，敦促他們在遇到可疑網站或廣告時要格外小心。

Suspected Phishing Attack Leader

疑似網路釣魚攻擊頭目

While the identities of the scammers behind the Etherscan phishing attacks remain unknown, suspicion has fallen upon an obscure cyber phishing company known as Angel Drainer. However, no definitive evidence has yet emerged to confirm their involvement.

雖然 Etherscan 網路釣魚攻擊背後的詐騙者的身份仍然未知，但懷疑已落在一家名為 Angel Drainer 的名不見經傳的網路釣魚公司身上。然而，尚未出現明確的證據證實他們參與其中。

Expert Analysis

專家分析

Steve Anderson, an Australian crypto expert and trading specialist with over five years of experience, has provided his insights into the situation. Anderson believes that the lack of regulation in the cryptocurrency industry has allowed malicious actors to operate with impunity.

擁有五年以上經驗的澳洲加密貨幣專家和交易專家史蒂夫·安德森（Steve Anderson）提供了他對這一情況的見解。安德森認為，加密貨幣產業缺乏監管，導致惡意行為者逍遙法外。

"The cryptocurrency space is in desperate need of stronger regulations to protect users from these types of scams," Anderson said. "Until such regulations are in place, users must remain vigilant and take steps to protect their assets."

安德森說：“加密貨幣領域迫切需要更強有力的監管，以保護用戶免受此類詐騙。” “在此類法規到位之前，用戶必須保持警惕並採取措施保護自己的資產。”

Recommendations for Users

給使用者的建議

To protect themselves from phishing scams, Etherscan users are advised to:

為了保護自己免受網路釣魚詐騙，建議 Etherscan 用戶：

• Exercise caution when clicking on advertisements or links, especially those offering unsolicited rewards or promotions.
• Always verify the authenticity of websites and URLs before entering sensitive information.
• Use two-factor authentication (2FA) to add an extra layer of security to their accounts.
• Report any suspicious or malicious advertisements to Etherscan or the appropriate authorities.

By following these guidelines and staying informed about the latest phishing scams, Etherscan users can help mitigate the risks and protect their cryptocurrency assets.

點擊廣告或連結時請務必小心，尤其是那些提供未經請求的獎勵或促銷的廣告或連結。在輸入敏感資訊之前，請務必驗證網站和URL 的真實性。使用雙重認證(2FA) 為其帳戶添加額外的安全層。舉報向 Etherscan 或相關當局發送任何可疑或惡意廣告。透過遵循這些準則並隨時了解最新的網路釣魚詐騙，Etherscan 用戶可以協助降低風險並保護其加密貨幣資產。