Etherscan 网络钓鱼危机：恶意广告耗尽加密货币钱包

以太坊区块链浏览器 Etherscan 已受到涉及恶意广告的大规模网络钓鱼活动的影响。这些广告将用户重定向到虚假网站，从而耗尽他们的加密钱包。该网络钓鱼活动从 Etherscan 扩展到搜索引擎和社交媒体平台，知名网络钓鱼组织 Angel Drainer 疑似对此负责。尽管安全专家发出警告，但广告聚合商缺乏监督被认为是这次广泛攻击的根本原因。

Etherscan's Phishing Epidemic: A Comprehensive Analysis

Etherscan网络钓鱼盛行：综合分析

, April 8, 2023

，2023 年 4 月 8 日

A pervasive phishing campaign has compromised the integrity of Etherscan, the Ethereum blockchain explorer, leaving its users vulnerable to malicious actors. Advertisements embedded within the platform have been instrumental in diverting unsuspecting victims to fraudulent websites designed to drain their cryptocurrency wallets.

普遍存在的网络钓鱼活动损害了以太坊区块链浏览器 Etherscan 的完整性，使其用户容易受到恶意行为者的攻击。该平台内嵌入的广告有助于将毫无戒心的受害者转移到旨在耗尽其加密货币钱包的欺诈网站。

Initial Detection and Escalation

初步检测和升级

The initial alarm was raised by McBiblets, an astute community member, who identified multiple advertisements on Etherscan as potential vectors for wallet compromise. He cautioned users against clicking on these advertisements, warning of the risk of being redirected to phishing websites.

最初的警报是由精明的社区成员 McBiblets 发出的，他发现 Etherscan 上的多个广告是钱包泄露的潜在媒介。他警告用户不要点击这些广告，并警告用户存在被重定向到网络钓鱼网站的风险。

Thorough investigations revealed that these malicious advertisements were not isolated to Etherscan but were also present on numerous known phishing websites. Scam Sniffer, a prominent Web3 anti-scam platform, meticulously traced the origins of the advertisements, confirming that they spread beyond Etherscan's domain and reached popular search engines, including Google, Bing, and DuckDuckGo, and even surfaced on social media platforms like X.

彻底的调查显示，这些恶意广告并未被 Etherscan 隔离，而且还存在于许多已知的网络钓鱼网站上。 Scam Sniffer 是著名的 Web3 反诈骗平台，它仔细追踪了广告的来源，确认它们传播到了 Etherscan 的域之外，到达了流行的搜索引擎，包括 Google、Bing 和 DuckDuckGo，甚至出现在 X 等社交媒体平台上。

Root Cause Analysis

根本原因分析

Scam Sniffer pinpointed the lack of oversight from advertisement aggregators as the underlying cause of the widespread phishing campaign. Etherscan sources its advertisements from platforms such as Coinzilla and Persona, and insufficient filtering mechanisms within these platforms enable phishing attempts to slip through unchecked.

Scam Sniffer 指出，广告聚合商缺乏监管是网络钓鱼活动广泛传播的根本原因。 Etherscan 从 Coinzilla 和 Persona 等平台获取广告，而这些平台内的过滤机制不足，使得网络钓鱼企图无法得到遏制。

The Modus Operandi of Wallet Drainers

钱包流失者的作案手法

The wallet drainer scams employed by these malicious actors are cunningly designed to lure users to counterfeit websites and prompt them to connect their cryptocurrency wallets. Once the connection is established, the scammer gains unfettered access to the user's funds, enabling them to withdraw funds into their own personal wallet addresses without any form of user authentication or consent.

这些恶意行为者所采用的钱包骗局经过巧妙设计，旨在引诱用户访问假冒网站并提示他们连接其加密货币钱包。一旦建立连接，诈骗者就可以不受限制地访问用户的资金，使他们能够将资金提取到自己的个人钱包地址中，而无需任何形式的用户身份验证或同意。

Blockchain Security Experts Issue Warnings

区块链安全专家发出警告

Blockchain security firm SlowMist's chief information security officer, 23pds, echoed the warnings about the phishing advertisements on Etherscan. He urged vigilance, cautioning users to be wary of suspicious advertisements.

区块链安全公司 SlowMist 的首席信息安全官 23pds 回应了有关 Etherscan 上网络钓鱼广告的警告。他敦促用户保持警惕，警惕可疑广告。

Suspect Organization and Lack of Concrete Evidence

组织可疑且缺乏具体证据

While suspicions point towards the notorious cyber phishing organization, Angel Drainer, as the perpetrator behind the ongoing phishing attack campaign against Etherscan users, concrete evidence remains elusive at this time.

虽然人们怀疑臭名昭著的网络钓鱼组织 Angel Drainer 是持续针对 Etherscan 用户的网络钓鱼攻击活动的幕后黑手，但目前仍缺乏具体证据。

Escalating Crypto Phishing Epidemic

加密货币网络钓鱼的流行不断升级

The Etherscan phishing epidemic underscores the escalating threat posed by crypto phishing attacks. In 2023 alone, these malicious campaigns have pilfered nearly $300 million from over 324,000 victims, according to alarming statistics provided by Cointelegraph.

Etherscan 网络钓鱼盛行凸显了加密货币网络钓鱼攻击所带来的不断升级的威胁。根据 Cointelegraph 提供的令人震惊的统计数据，仅 2023 年，这些恶意活动就从超过 324,000 名受害者那里窃取了近 3 亿美元。

Notable wallet drainers active in 2023 include:

2023 年活跃的著名钱包消耗者包括：

• Omega Drainer
• Blue Panther Drainer
• Strong Drainer
• Tusk Drainer

Phishing Gangs Exploit Lax Enforcement

Omega DrainerBlue Panther DrainerStrong DrainerTusk Drainer网络钓鱼团伙利用执法不严

Scam Sniffer's investigation uncovered a disturbing trend: even when malicious actors close down their phishing operations, "phishing gangs" simply relocate their activities to other platforms. Evidently, there is no shortage of unscrupulous providers supplying services to these scammers, which highlights the urgent need for enhanced enforcement and regulation in the digital landscape.

Scam Sniffer 的调查发现了一个令人不安的趋势：即使恶意行为者关闭了他们的网络钓鱼活动，“网络钓鱼团伙”也只是将他们的活动转移到其他平台。显然，向这些诈骗者提供服务的不道德提供商并不缺乏，这凸显了加强数字领域执法和监管的迫切需要。