Phishing scammers have exploited the popularity of cryptocurrency news and analysis sites, such as Blockworks and Etherscan, to deceive unsuspecting users into compromising their wallets, draining their cryptocurrency funds. In one instance, a fraudulent Blockworks website posted a fabricated "breaking" news story regarding an alleged multi-million dollar "approval vulnerability" on the decentralized exchange Uniswap. This fake report directed users to the counterfeit Etherscan website, urging them to revoke approval.
The fake Uniswap article was shared across various cryptocurrency-related subreddits on Reddit. The perpetrator appeared to have taken control of a compromised Reddit account to disseminate the fraudulent content. The counterfeit Etherscan site masqueraded as a token and smart contract approval checker but, in reality, operated as a wallet drainer.
Blockchain security firm Beosin conducted an analysis of the wallet drainer's smart contract, revealing the attacker's intent to drain a wallet with a minimum of 0.1 Ethereum, valued at approximately $180. However, the phishing transactions failed to initiate upon wallet connection. An examination of the domain registrations showed that the counterfeit Etherscan site, approvalscan.io, was registered on October 25. The counterfeit Blockworks website, blockworks.media, was registered a day later.
Notably, another fraudulent website cloned the cryptocurrency news outlet Decrypt, deploying a wallet stealer to compromise user wallets. It's important to highlight that the fraudulent Blockworks and Decrypt websites are operated by different scammer groups, indicating a growing trend in the exploitation of popular cryptocurrency resources for malicious activities.
