Etherscan 網路釣魚危機：惡意廣告耗盡加密貨幣錢包

以太坊區塊鏈瀏覽器 Etherscan 已受到涉及惡意廣告的大規模網路釣魚活動的影響。這些廣告將用戶重新導向到虛假網站，從而耗盡他們的加密錢包。這場網路釣魚活動從 Etherscan 擴展到搜尋引擎和社群媒體平台，知名網路釣魚組織 Angel Drainer 疑似對此負責。儘管安全專家發出警告，但廣告聚合商缺乏監督被認為是這次廣泛攻擊的根本原因。

Etherscan's Phishing Epidemic: A Comprehensive Analysis

Etherscan網路釣魚盛行：綜合分析

, April 8, 2023

，2023 年 4 月 8 日

A pervasive phishing campaign has compromised the integrity of Etherscan, the Ethereum blockchain explorer, leaving its users vulnerable to malicious actors. Advertisements embedded within the platform have been instrumental in diverting unsuspecting victims to fraudulent websites designed to drain their cryptocurrency wallets.

普遍存在的網路釣魚活動損害了以太坊區塊鏈瀏覽器 Etherscan 的完整性，使其用戶容易受到惡意行為者的攻擊。該平台內嵌入的廣告有助於將毫無戒心的受害者轉移到旨在耗盡其加密貨幣錢包的詐騙網站。

Initial Detection and Escalation

初步檢測和升級

The initial alarm was raised by McBiblets, an astute community member, who identified multiple advertisements on Etherscan as potential vectors for wallet compromise. He cautioned users against clicking on these advertisements, warning of the risk of being redirected to phishing websites.

最初的警報是由精明的社區成員 McBiblets 發出的，他發現 Etherscan 上的多個廣告是錢包洩露的潛在媒介。他警告用戶不要點擊這些廣告，並警告用戶有被重定向到網路釣魚網站的風險。

Thorough investigations revealed that these malicious advertisements were not isolated to Etherscan but were also present on numerous known phishing websites. Scam Sniffer, a prominent Web3 anti-scam platform, meticulously traced the origins of the advertisements, confirming that they spread beyond Etherscan's domain and reached popular search engines, including Google, Bing, and DuckDuckGo, and even surfaced on social media platforms like X.

徹底的調查顯示，這些惡意廣告並未被 Etherscan 隔離，而且還存在於許多已知的網路釣魚網站上。 Scam Sniffer 是著名的Web3 反詐騙平台，它仔細追蹤了廣告的來源，確認它們傳播到了Etherscan 的域之外，到達了流行的搜尋引擎，包括Google、Bing 和DuckDuckGo，甚至出現在X 等社交媒體平台上。

Root Cause Analysis

根本原因分析

Scam Sniffer pinpointed the lack of oversight from advertisement aggregators as the underlying cause of the widespread phishing campaign. Etherscan sources its advertisements from platforms such as Coinzilla and Persona, and insufficient filtering mechanisms within these platforms enable phishing attempts to slip through unchecked.

Scam Sniffer 指出，廣告聚合商缺乏監管是網路釣魚活動廣泛傳播的根本原因。 Etherscan 從 Coinzilla 和 Persona 等平台獲取廣告，而這些平台內的過濾機制不足，使得網路釣魚企圖無法被遏制。

The Modus Operandi of Wallet Drainers

錢包流失者的作案手法

The wallet drainer scams employed by these malicious actors are cunningly designed to lure users to counterfeit websites and prompt them to connect their cryptocurrency wallets. Once the connection is established, the scammer gains unfettered access to the user's funds, enabling them to withdraw funds into their own personal wallet addresses without any form of user authentication or consent.

這些惡意行為者所採用的錢包騙局經過巧妙設計，旨在引誘用戶訪問假冒網站並提示他們連接其加密貨幣錢包。一旦建立連接，詐騙者就可以不受限制地存取用戶的資金，使他們能夠將資金提取到自己的個人錢包地址中，而無需任何形式的用戶身份驗證或同意。

Blockchain Security Experts Issue Warnings

區塊鏈安全專家發出警告

Blockchain security firm SlowMist's chief information security officer, 23pds, echoed the warnings about the phishing advertisements on Etherscan. He urged vigilance, cautioning users to be wary of suspicious advertisements.

區塊鏈安全公司 SlowMist 的首席資訊安全官 23pds 回應了有關 Etherscan 上網路釣魚廣告的警告。他敦促用戶保持警惕，警惕可疑廣告。

Suspect Organization and Lack of Concrete Evidence

組織可疑且缺乏具體證據

While suspicions point towards the notorious cyber phishing organization, Angel Drainer, as the perpetrator behind the ongoing phishing attack campaign against Etherscan users, concrete evidence remains elusive at this time.

雖然人們懷疑臭名昭著的網路釣魚組織 Angel Drainer 是持續針對 Etherscan 用戶的網路釣魚攻擊活動的幕後黑手，但目前仍缺乏具體證據。

Escalating Crypto Phishing Epidemic

加密貨幣網路釣魚的流行不斷升級

The Etherscan phishing epidemic underscores the escalating threat posed by crypto phishing attacks. In 2023 alone, these malicious campaigns have pilfered nearly $300 million from over 324,000 victims, according to alarming statistics provided by Cointelegraph.

Etherscan 網路釣魚盛行凸顯了加密貨幣網路釣魚攻擊所帶來的不斷升級的威脅。根據 Cointelegraph 提供的令人震驚的統計數據，光是 2023 年，這些惡意活動就從超過 324,000 名受害者那裡竊取了近 3 億美元。

Notable wallet drainers active in 2023 include:

2023 年活躍的著名錢包消耗者包括：

• Omega Drainer
• Blue Panther Drainer
• Strong Drainer
• Tusk Drainer

Phishing Gangs Exploit Lax Enforcement

Omega DrainerBlue Panther DrainerStrong DrainerTusk Drainer網路釣魚團夥利用執法不嚴

Scam Sniffer's investigation uncovered a disturbing trend: even when malicious actors close down their phishing operations, "phishing gangs" simply relocate their activities to other platforms. Evidently, there is no shortage of unscrupulous providers supplying services to these scammers, which highlights the urgent need for enhanced enforcement and regulation in the digital landscape.

Scam Sniffer 的調查發現了一個令人不安的趨勢：即使惡意行為者關閉了他們的網路釣魚活動，「網路釣魚團夥」也只是將他們的活動轉移到其他平台。顯然，向這些詐騙者提供服務的不道德提供者並不缺乏，這凸顯了加強數位領域執法和監管的迫切需求。